hwaldron
Posts: 3532
Score: 256 Joined: 9/12/2002 From: Roanoke VA, USA Status: offline
Many organizations implement IT security using the approach of "making it as transparent to users as possible". While tools can provide some levels of protection, this approach increases the risk to businesses. This is because users need to both protect information and be aware of the dangers that are out there. For example, users must safeguard their laptops and use the best practices if they send sensitive information in email (e.g., encryption). Also, malware attacks are becoming so realistic, they can fool even seasoned IT professionals (e.g., as it's easy to copy genuine HTML graphics from legitimate websites to develop counterfeit phishing attacks or websites).

Companies can improve their security by teaching their business and IT professionals the best practices in security. I personally saw some of the fruits of this on May 5, 2000 when our company came through the "Love Bug" attacks (e.g., the $10 billion in damages worldwide is still the most significant of all time) with only a handful of infections and no server downtime at all. Thankfully, security software has greatly improved to quickly stop major attacks like the Love Bug attacks. Microsoft's TWC initiatives have improved their software. Many other software providers have also improved security in their product offerings. I also see most business professionals are using the best practices at work, especially if the company has strong IT security policies. Still, any company that employs security awareness training will enjoy even greater levels of information protection and decreased malware infections.

AVERT Labs - The Importance of User Education
http://www.avertlabs.com/research/blog/index.php/2007/10/02/user-education/

QUOTE:
What is antivirus protection worth when users try all the tricks they know to see the Loveletter.jpg.vbs picture; why do they double-click on executable files?

No matter whether it’s Kournikova, Labor Day greetings cards, or just an “undeliverable message” with “details” attached, many users don’t care. Home users risk their privacy and may lose the ownership of their machines, but they can’t resist the temptation. Corporate users are sometimes even less careful, as it’s not their machine and if it’s broken, it’s not their problem. The IT department will fix it. “If the company sends the mails to my machine, they know what they are doing. Why shouldn’t I click on those mails?” I heard that once from a corporate user; it scared me, because it was that user who was causing an internal outbreak. While that user enjoyed the weekend, the IT guys tried to regain control of their network. About 15 employees of that company were working the whole weekend, plus external consultants. That was one of the most expensive double-clicks that company ever had.
_____________________________
Harry Waldron - Security News & Best Practices Blog
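The quoted post turns on one concrete trick: an executable attachment named so that it reads as a picture ("Loveletter.jpg.vbs"). Awareness training covers the human side; the mail gateway can also catch the pattern mechanically. The following Python is an added example, not code from the forum post or from AVERT Labs, of a classifier that flags attachment names ending in an executable type, names that hide that type behind a decoy extension or a run of padding spaces, and names containing a right-to-left override character that reverses how the extension is displayed. The extension lists and the sample attachment names are constructed for illustration; a production policy would be longer and tied to the organization's own allow-list.

```python
"""Flag attachment names that disguise an executable as a document or picture.

Added example (not part of the original post). The extension sets and the
sample names below are constructed for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Extensions Windows will run as a program or script on double-click.
# Constructed, deliberately short list; extend it to match local policy.
EXECUTABLE_EXTS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
    "js", "jse", "wsf", "wsh", "hta", "lnk", "msi", "ps1",
}
# Extensions users read as harmless content; these are the usual decoys
# placed in front of the real extension ("photo.jpg.vbs").
DECOY_EXTS = {
    "jpg", "jpeg", "gif", "png", "bmp", "txt",
    "doc", "docx", "pdf", "xls", "xlsx", "zip",
}
# Unicode RIGHT-TO-LEFT OVERRIDE: makes "fdp.exe" display as "exe.pdf".
RTLO = "\u202e"


@dataclass(frozen=True)
class Verdict:
    filename: str
    executable: bool        # final extension is an executable type
    double_extension: bool  # decoy extension immediately precedes it
    padded_extension: bool  # spaces push the real extension out of view
    rtlo_override: bool     # display order of the name is reversed
    reason: str

    @property
    def flagged(self) -> bool:
        return self.executable or self.rtlo_override


def classify_attachment(filename: str) -> Verdict:
    # Work on the bare file name, case-folded; any path prefix is irrelevant.
    name = re.split(r"[\\/]", filename)[-1].lower()
    rtlo = RTLO in name
    # Two or more spaces before the last ".ext" is the padding trick
    # ("report.pdf                .scr").
    padded = re.search(r"\s{2,}\.\w+$", name) is not None
    compact = re.sub(r"\s+", "", name)
    parts = [p for p in compact.split(".") if p]
    if len(parts) < 2:
        return Verdict(filename, False, False, False, rtlo, "no extension")
    final = parts[-1]
    executable = final in EXECUTABLE_EXTS
    double = executable and len(parts) >= 3 and parts[-2] in DECOY_EXTS
    if rtlo:
        reason = "right-to-left override character hides the true extension"
    elif double:
        reason = f"'.{parts[-2]}' decoy in front of executable '.{final}'"
    elif executable:
        reason = f"executable type '.{final}'"
    else:
        reason = "no executable extension"
    return Verdict(filename, executable, double, padded, rtlo, reason)


def scan_attachments(names: Iterable[str]) -> List[Verdict]:
    """Return the verdicts for every name that should be held for review."""
    return [v for v in (classify_attachment(n) for n in names) if v.flagged]


# Constructed sample attachment names, not taken from any real message.
SAMPLE_ATTACHMENTS = [
    "Loveletter.jpg.vbs",
    "holiday_photos.zip",
    "greeting_card.exe",
    "undeliverable_details.txt",
    "report.pdf                .scr",
    "invoice\u202efdp.exe",
]

if __name__ == "__main__":
    for verdict in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{verdict.filename!r}: {verdict.reason}")
```

Run stand-alone, the script lists the four constructed names that would be held: the double-extension script, the plain executable, the padded name, and the RTLO name. The zip and text attachments pass, which is the point of the check: it targets the disguise, not every archive or document, so it can sit in front of the antivirus scan rather than replace it.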