HACKING PEOPLE:


Why Your Biggest Vulnerability Isn’t In Your IT Department


By Clinton Henry


Last week, Chris stopped off at his local coffee shop to have a chai before heading off to a trade show to deliver a keynote speech.


As he sat at his usual spot near the counter, a heated discussion ensued next to him regarding the Third Quarter of 2017. In the middle of the morning’s caffeinated hustle and bustle, a marketing meeting was in progress.


He knew it was a marketing meeting because the three employees left the screens on their laptops open to “Marketing Plans.” Much to his amazement, they “abandoned” the table and were apparently in line (as well as online). They left two smartphones and a couple of memory sticks out in the open, plain as a Pumpkin Spiced Latte.


Predictions aren’t always correct, but there is a strong possibility that sooner or later this company will experience a breach. Moreover, it is highly unlikely that anyone within the business or IT has taken a serious look at how its users actually operate, let alone put controls in place to protect against this sort of vulnerability.


The Biggest Risk


The biggest risk of any organization getting hacked is neither the firewall nor the server. It is another problem altogether: social engineering. Social engineering is when employees are tricked into giving cyber thieves sensitive corporate or client information, or into taking an action (opening an attachment, sharing a password) that they would never take knowingly; the insider who leaks out of malice is a separate, though related, people problem. The trouble with most businesses and IT departments is that while they may be eager to “invest” in cybersecurity measures for their organization, they often neglect investing in shielding the most common attack surface motivated hackers use to gain access: employees.


Let’s review some of the social engineering pitfalls that occur all too often:


Public Wi-Fi – Public Wi-Fi is to your computer network what Kryptonite is to Superman or garlic is to a vampire. Unless the connection itself is encrypted (an HTTPS site, or better, your company’s VPN), never conduct any business from an unsecured Wi-Fi hotspot; anyone on the same hotspot can read unencrypted traffic, and a hotspot named after the venue is not necessarily run by the venue.


Public Places – In the space of two seconds, it would have been possible for a thief to take screenshots of the Third Quarter plan with a smartphone, or to swipe the smartphones and stick drives, or even one of the laptops. Any document, especially any document with links to your organization, is all a cyber thief needs to get going. Never leave documents unattended.




Ever hear of “visual trespass”? Security people usually call it “shoulder surfing”: someone in a public space looking over your shoulder to view your computer screen. Here’s an apt example: Alison, the head of tax and audit for a publicly traded company, was traveling and noticed a stranger trying to observe her computer screen in an airport while she was working on her corporation’s soon-to-be-public 10-K filing! The stranger may have been merely rude rather than a cyber thief, but the person working on those financials in public was misguided and careless. A privacy filter on the screen and a habit of saving sensitive work for a private place remove the risk entirely.


Moreover, public conversations that should be held in private can undo a company quite easily. Recently, the same Chris from earlier was in O’Hare airport when a gentleman next to him was on the phone with a colleague who needed access to a file. The helpful companion, within earshot of Chris, decided it was a good idea to read his personal password aloud so his coworker could access the file. If Chris were an opportunist, he could simply have struck up a conversation with the unsuspecting traveler later and traded business cards, which would have handed Chris a username and company to go with the password. The businessman would have been none the wiser. A password should never be shared at all; if a colleague needs a file, grant access to the file, not to your account.


Phishing – Remember those emails we once received from Nigeria, Lithuania or Romania that named us as the heirs to great fortunes? All they needed to release the millions owed to us was a credit card number. People fell for it in droves. Then there were fake job postings that asked for background information. The postings looked legitimate and we gave them what they asked for, and we fell for that too. Phishing has not gone away. It has become so sophisticated that we believe a message comes from our boss, a supplier or a nonprofit we support. The links in the email typically lead to a page that harvests your password or to a download that installs malware, which can then spread across the network and grab important files. Don’t fall for it. When in doubt, always verify through a channel you already trust: call the sender at a number you already have, rather than replying to the email or using a number it contains. An interesting fact: Millennials are more prone to falling for phishing than older employees! Over-familiarity with and blind trust of technology can be a dangerous thing.
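One concrete way to “verify” a suspicious email before anyone clicks is to look at where its links really go. The script below is an added example, not part of the article, and the email body, the trusted domain names and the phishing addresses in it are all constructed for the demonstration. It flags three of the most common tricks: link text that shows one site while the link goes to another, a trusted brand name buried inside an unrelated domain, and a link that points straight at a raw IP address.

```python
"""Flag suspicious links in an HTML email body.

Added example, not from the article. Standard library only. The sample
message, TRUSTED_DOMAINS and every hostname below are constructed for the
demo; they are placeholders, not real senders.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this hypothetical company treats as legitimate (assumption).
TRUSTED_DOMAINS = ("example-bank.com", "example-corp.com")

# Matches link text that looks like a URL or bare domain, e.g. "www.x.com/a".
_URLISH = re.compile(r"^(https?://|www\.)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercase hostname of url, adding a scheme if the text lacks one."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    """Crude registrable domain: the last two labels (fine for .com-style TLDs)."""
    return ".".join(host.split(".")[-2:])


def check_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return [(href, reason)] for every link that deserves a second look."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        reg = _registrable(host)
        # 1. The visible text names one site but the link goes elsewhere.
        if _URLISH.match(text) and _registrable(_host(text)) != reg:
            findings.append((href, f"display text '{text}' does not match link host {host}"))
            continue
        # 2. A trusted brand name inside a domain that is not the trusted one.
        for good in trusted:
            brand = good.split(".")[0]
            if reg != good and brand in host:
                findings.append((href, f"lookalike of {good}: {host}"))
                break
        else:
            # 3. Legitimate senders almost never link to a bare IP address.
            if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", host):
                findings.append((href, f"link goes to a raw IP address {host}"))
    return findings


# Constructed sample: one genuine link and three phishing patterns.
SAMPLE_EMAIL = """
<p>Your quarterly statement is ready.</p>
<a href="https://secure.example-bank.com/statements">View statement</a><br>
<a href="http://example-bank.com.login-verify.net/">https://example-bank.com/login</a><br>
<a href="https://accounts-example-bank.com/reset">Reset your password</a><br>
<a href="http://203.0.113.7/invoice.exe">Download invoice</a>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

Run against the sample, it flags the mismatched, lookalike and raw-IP links and leaves the genuine `secure.example-bank.com` link alone. The registrable-domain check is deliberately simple; for country-code domains such as `.co.uk` a real deployment would use a public-suffix list.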


Vindictiveness – Remember the angry employee who was terminated? What precautions were taken to make sure that he or she was immediately shut out of the network? Terminated employees can sometimes be vindictive. Have a plan (accounts disabled the same day, any shared passwords changed, badges and devices collected) and check that the plan was actually carried out, so the recently fired sales executive can’t walk to your competitor with your latest leads or biggest accounts.
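Having a plan is only half of it; someone has to confirm that the account really was shut off. The script below is an added example, not part of the article: it reconciles an HR termination list against an export of directory accounts and reports anyone who is still enabled, or who signed in, after their termination date. The HR roster, the account export and every name in them are constructed for the demonstration; in practice the two files come from the HR system and the identity provider.

```python
"""Reconcile HR terminations against account status and last sign-in.

Added example, not from the article. Both CSV exports below are
constructed for the demo; the column names are an assumption about what
an HR system and a directory export would provide.
"""
import csv
from datetime import datetime
from io import StringIO

# Constructed HR export: blank terminated_on means still employed.
HR_CSV = """employee_id,name,terminated_on
1001,Dana Reyes,2017-03-02
1002,Lee Chan,
1003,Sam Okafor,2017-03-06
1004,Pat Weber,2017-02-20
"""

# Constructed directory export: enabled flag and last successful sign-in.
ACCOUNTS_CSV = """employee_id,username,enabled,last_sign_in
1001,dreyes,true,2017-03-04T08:12:00
1002,lchan,true,2017-03-07T09:30:00
1003,sokafor,true,
1004,pweber,false,2017-02-19T17:45:00
"""


def _parse_dt(text):
    """Parse an ISO date/datetime; a blank field means 'never'."""
    return datetime.fromisoformat(text) if text else None


def audit_offboarding(hr_csv, accounts_csv, now):
    """Return [(username, reason)] for terminated staff who are not shut out.

    A finding is raised when an account is still enabled on or after the
    termination date, and separately when a sign-in happened after it.
    """
    terminated = {}
    for row in csv.DictReader(StringIO(hr_csv)):
        if row["terminated_on"]:
            terminated[row["employee_id"]] = _parse_dt(row["terminated_on"])

    findings = []
    for row in csv.DictReader(StringIO(accounts_csv)):
        term = terminated.get(row["employee_id"])
        if term is None:
            continue  # current employee, nothing to check
        enabled = row["enabled"].strip().lower() == "true"
        last = _parse_dt(row["last_sign_in"])
        if enabled and now >= term:
            findings.append((row["username"],
                             f"still enabled after termination on {term.date()}"))
        if last is not None and last >= term:
            findings.append((row["username"],
                             f"signed in after termination at {last.isoformat()}"))
    return findings


if __name__ == "__main__":
    for user, reason in audit_offboarding(HR_CSV, ACCOUNTS_CSV, datetime(2017, 3, 8, 9, 0)):
        print(f"ACTION NEEDED {user}: {reason}")
```

Run on the sample data, `dreyes` is reported twice (still enabled, and a sign-in two days after termination), `sokafor` once (still enabled, no sign-in yet), and the correctly disabled `pweber` is not reported. The same reconciliation, run daily, turns “we have a plan” into evidence that the plan was followed.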


TPI Turf News March/April 2017

