There is a very good article over at the Grand Forks Herald that makes a compelling case that employees are the biggest security threat a business has.
Steele says the No. 1 threat to a company’s network security today is its employees. It’s been his experience that “breaking into a network is much more difficult that breaking into a person.”
“Trust is very deeply ingrained into our psyche. The easiest way for an attacker to get into a network is to break that trust,” he said.
The article gives 2 scenarios where employees can be tricked into doing something that can put the company at harm:
One is where he poses as a telephone company representative and tells an employee he is there to check phone lines in the basement. Most let him in with no question. Once inside, he is able to pull out a wireless access point, plug it into the network and later get remote access from the parking lot.
The other is where he calls an employee and says he is working with the company’s IT department. He proceeds to convince the employee to log into a remote help desk session with him. Once in, Steele explains “the fix” may take a while and suggests the employee take a break. Once he or she is gone, he is able to install malicious software.
Employee Security Training
The article states that a good offense is the best defense to protect sensitive data. Employee cyber security training is a key to that defense:
Steele reiterated that cybersecurity training for employees is the best form of defense.
More than Firewalls and Anti-virus
The article also states that companies need to do more than just deploy firewalls and anti-virus:
“A network that’s protected just by a firewall, antivirus and backups in this environment is really akin to taking a super carrier from our American Navy today and dropping it into World War II. It would be a similar battle,” Steele said. “The threats are so sophisticated and so capable that you can’t just protect with those three controls anymore.”
Breach Secure Now
Companies can partner with Breach Secure Now to provide advanced security services to their clients. Our Unlimited Clients Employee Security Training makes it very easy to provide security training to all clients’ employees. Take a look at our video that explains the service.