10 Stupid Moves That Threaten Your Company's Security - InformationWeek
1/25/2016
07:06 AM
Dawn Kawamoto

10 Stupid Moves That Threaten Your Company's Security

As you walk through the door of your company each morning, you are potentially poised to be the weakest link in your organization's defense against hackers and malicious attackers. Here are the 10 boneheaded moves you make -- often without realizing the security risk.

(Image: alengo/iStockphoto)

Despite companies spending billions of dollars on information security technology, it turns out that the greatest threat to their security may be you -- their clueless employee.

Granted, employees' intentions are not always malicious; rather, it's often a case of boneheaded maneuvers, say security experts.

And employees, as a collective group, account for a wide swath of the confidential data loss at companies, according to a recent study. Of the 5,564 IT professionals queried in the Global IT Security Risks Survey by Kaspersky Lab and B2B International, 73% were affected by internal security incidents. It turns out that employees were the largest single group that created this confidential data loss, accounting for 42% of the incidents.

"It is staggering how often this happens," said Andrey Pozhogin, senior product marketing manager from Kaspersky, in reference to the frequency of employees creating this data loss.

Rob Sadowski, technology solutions director at RSA, the security division of storage titan EMC, noted, "End users are the front line of defense. The first stage of an attack is to gain a foothold in the organization. It's not to circumvent (the security system in place) but to gain access…Once access is gained, then the attack begins and it's off to the races and the threat spiders out."


And what are companies doing to educate their employees on security issues, given they are the first line of defense? An estimated 75% of companies with more than 100 employees have some sort of training, said Chester Wisniewski, a senior security advisor at security firm Sophos. That training can range from selecting a complex password to an awareness of phishing attacks, in which an attacker tries to lure a user into clicking on a link to a malicious website or downloading an attachment loaded with nefarious code, like software that will log a user's keystrokes.

Wisniewski added that, generally, the larger the company, the more extensive the training program. The type of industry a company is in also makes a difference, he said, noting that even small companies in the tech sector usually have some form of security training.

That said, however, Wisniewski noted, "A lawyer, an accountant, or someone in marketing will...never be computer nerds." As a result, here are 10 boneheaded moves to avoid to reduce your chances of becoming the weakest security link at your company. Are you guilty of any of these missteps? Did we leave any out? What are you doing at your company to minimize potential security risks? Let us know in the comments.

Dawn Kawamoto is a freelance writer and editor. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's News.com, TheStreet.com, AOL's DailyFinance, and The ...

Comments
Technocrati
User Rank: Ninja
8/26/2016 | 8:14:56 PM
Re: Even Password Management tools can cause problems.
Hey batye! Long time no see, good to see you, old friend. I agree, no getting around the never-ending hell that are patches and updates.

Windows 10 is especially nerve-racking. After my last forced update, the only thing I noticed changed was where the power button was located and of course some new wallpaper.

You know you can never have enough wallpaper.
batye
User Rank: Ninja
2/3/2016 | 11:30:48 AM
Re: Even Password Management tools can cause problems.
@Broadway0474, with Windows security it's a never-ending upgrade/patch process :)... sad reality of the IT age... how I see it... :(
Broadway0474
User Rank: Ninja
1/31/2016 | 3:03:37 PM
Re: Even Password Management tools can cause problems.
@TerryB, No worries, no offense taken. And I love how you really got to the issue there. It's true -- we are letting Windows off the hook for being such a hole-ridden, easily corruptible OS. It should be a given now that users cannot be trusted. Deal with it.
Joe Stanganelli
User Rank: Ninja
1/31/2016 | 10:34:34 AM
Re: Even Password Management tools can cause problems.
Indeed, after hearing that statistic several years ago, I started paying more attention to my zippers.


Sure enough, they all say "YKK" on them.
TerryB
User Rank: Ninja
1/30/2016 | 9:45:31 PM
Re: Even Password Management tools can cause problems.
@joe, YKK is a customer. I did not know that about zippers though. That market they are in is called Cold Heading. In the old days it was big for us, now Peru and China dominate on price. We are big in Batteries (Duracell, Energizer and Rayovac all custs) and ammunition now. Also in photovoltaic but that is a tough market.
Joe Stanganelli
User Rank: Ninja
1/30/2016 | 11:49:47 AM
Re: Even Password Management tools can cause problems.
@TerryB: Incidentally, I was under the impression that YKK manufactured something like 97% of the world's zippers. Is that figure wrong/no longer correct?
Joe Stanganelli
User Rank: Ninja
1/30/2016 | 11:03:37 AM
Re: Even Password Management tools can cause problems.
@TerryB: Your tale/experiences remind me of an incident a few years ago when some disgruntled (possibly former...I don't quite recall) Coca-Cola employees stole and offered to sell the secret Coca-Cola recipe to Pepsi.

Pepsi played along -- while immediately contacting Coca-Cola and the FBI.  They all set up a sting to catch and arrest the Coca-Cola IP thieves.

And, of course, it wouldn't really have benefited Pepsi to take the deal in the first place.  There's a terrific economic analysis on why Pepsi buying and somehow leveraging Coca-Cola's formula would have only hurt both companies in the long run -- driving them to RTTB brinksmanship.  The blogger explains it better than I can, and his piece can be read here: freakonomics.com/2006/07/07/how-much-would-pepsi-pay-to-get-cokes-secret-formula/
TerryB
User Rank: Ninja
1/29/2016 | 10:00:48 AM
Re: Even Password Management tools can cause problems.
@Broadway, I want to apologize if you misunderstood my zipper comment. That was not intended to be an insult, I was just trying to point out all the boring, mundane places you use our product every day. One of our customers was American Zipper. Not sure anymore, that is an example of easy stuff to make that Peru and China excel in with their low cost.

Two key takeaways from what I was trying to say:

1) Many companies are like us, have no data which is used in bank or identity theft. You get one of our Sales laptops, you might get a list of contacts at our customers containing Name, company address and their work phone number. HR does not have client computers with employee info, all that is server based. So our stupidest employee can't impact your life, period.

2) My main reason for replying to you was trying to figure how you envisioned a system where you feed every employee you hire thru a vetting process to make sure they have high quality computer security understanding and are immune to every phishing exploit. I'm the only IT guy here and my job is development. You want me to get involved in every hire and give yay/nay based on whether I think they are tech savvy?

For existing hires, are you suggesting we fire a person who is very good at their core job because they click on a link which infects them with malware? Or someone steals their laptop while traveling? If so, what guarantee do we have the next employee can even do their core job, much less be better at security issues? When you get a good employee at their discipline, you keep them. If you know another world than that, please enlighten me.

This whole article and forum is way off base anyway. There is only one core stupid move that is killing everybody: Connecting ridiculously insecure client computers (Yeah Windows, I'm talking about you) to the freaking internet to do business. We are sitting here debating password strength issues when clicking on the wrong link in an email or web site can modify your core o/s to install software to capture your every keystroke and screen image and send it home to the bad guys.

Talk about stupid. We are sitting here debating how to best lock the door when the wall has a freaking hole in it. I spent 15 years working in the pre-internet age, when businesses used servers with dumb terminals and private circuits. We had none of these problems, period. If we knew what we know now, is online banking and POS card purchasing worth it? If so, just how lazy (or stupid) are we as consumers? I'm on my 3rd debit card, other two were tried to be used on the other side of the world.
Joe Stanganelli
User Rank: Ninja
1/29/2016 | 8:52:24 AM
Re: Most Overlooked Security Flaw
GaryS: Additionally, many organizations fail to properly and completely destroy data. "Delete" -- or even reformatting -- does not eliminate all data. While there are more effective ways to do it "in software", complete physical destruction of the drives is usually the best (and often the only) way.
Broadway0474
User Rank: Ninja
1/28/2016 | 11:01:15 PM
Re: Even Password Management tools can cause problems.
Well Terry B, I stand corrected. Next time I zip up my jeans, I will think of all the data that is probably being stolen because of your company's sales and HR staff. I will imagine all sorts of solutions, like forced retirements and maybe building that factory you speak of, but alas, once I am done zipping up, I will stop thinking and caring about it and will move on to my next fleeting thought. Best of luck!