making it as transparent to users as possible
". While tools can provide some levels of protection, this approach increases the risk to businesses. This is because users need to both protect information
and be aware of the dangers that are out there
For example, users must safeguard their laptops and use the best practices if they send sensitive information in email, (e.g., encryption). Also, malware attacks are becoming so realistic, they can fool even seasoned IT professionals (e.g., as it's easy to copy genuine HTML graphics from legitimate websites to develop counterfeit phishing attacks or websites).
Companies can improve their security by teaching their business and IT professionals the best practices in security
. I personally saw some of the fruits of this on May 5, 2000 when our company came through the "Love Bug" attacks (e.g., the $10 billion in damages world wide is still the most significant of all time) with only a handful of infections and no server downtime at all.
Thankfully, security software has greatly improved to quickly stop major attacks like the Love Bug attacks. Microsoft's TWC initiatives have improved their software. Many other software providers have also improved security in their product offerings.
I also see most business professionals are using the best practices at work, especially if the company has strong IT security policies. Still, any company that employs security awareness training will enjoy even greater levels of information protection and decreased malware infections
. AVERT Labs - The Importance of User Education http://www.avertlabs.com/research/blog/index.php/2007/10/02/user-education/ QUOTE
: What is antivirus protection worth when users try all the tricks they know to see the Loveletter.jpg.vbs picture; why do they double-click on executable files? No matter whether itâ€™s Kournikova, Labor Day greetings cards, or just an â€œundeliverable messageâ€ with â€œdetailsâ€ attached, many users donâ€™t care
. Home users risk their privacy and may lose the ownership of their machines, but they canâ€™t resist the temptation. Corporate users are sometimes even less careful
, as itâ€™s not their machine and if itâ€™s broken, itâ€™s not their problem. The IT department will fix it. â€œIf the company sends the mails to my machine, they know what they are doing. Why shouldnâ€™t I click on those mails?â€ I heard that once from a corporate userâ€“it scared me, because it was that user who was causing an internal outbreak.
While that user enjoyed the weekend, the IT guys tried to regain control of their network. About 15 employees of that company were working the whole weekend, plus external consultants. That was one of the most expensive double-clicks that company ever had
Many organizations implement IT security using the approach of "