Protect your business against dangerous information leaks

Feb. 9, 2006
Modern businesses are frequent targets for information thieves, people who know all sorts of ways of getting into a company's computer system and making off with account numbers, R&D secrets, employee information, and other valuable data.

Joseph Kirkpatrick
President
RavenEye Inc.
Tampa, Fla.

 

If you think your computer network is well protected against attack, you might be right. But your company may still be highly vulnerable. The reason: Many of us have not paid nearly enough attention to the biggest weakness of all — our employees.

Most employees are hardworking and loyal, and would never intentionally do anything to harm their employer. Even so, employees are often the weakest link when it comes to business security and to attacks from information thieves, experts typically referred to as "social engineers."

When we think of attacks on computer networks, we usually conjure up images of geeky whiz kids who know how to hack their way past sophisticated computer security systems. Hackers are certainly a big security problem, but a more likely attack may come from someone who uses simple but effective socialengineering techniques.

The SANS Institute, which specializes in information security training and certification, defines social engineering as a hacker's use of psychological techniques to get information from unsuspecting people needed to gain access to computer systems.

According to IDC, a global provider of market intelligence, advisory services and events for the information technology and telecommunications industries, businesses around the world will spend $45 billion in the coming year on information-technology security to help thwart hackers. But most of those same businesses will ignore the security dangers aimed at their employees, and a significant number of them will pay a heavy price for that inattention.

Without meaning to (or even really knowing what happened), employees can and do expose critical information to social engineers clever enough to ask for it in just the right way. And all of the expensive technology in the world can't address lapses in judgment or procedures.

Fortunately, companies can take steps to effectively prepare employees for social-engineering attacks. But it takes awareness, education, and training. Staffers can be trained to know what information is considered internal and confidential, and they can learn about such things as the proper disposal of documents and the careful utilization of remote-system access.

Employees who know what to look for can help minimize the risks posed by hackers and thieves who know all the tricks for stealing intellectual property and customer information.

RavenEye (www.RavenEye.com) conducts real-world attacks on a company's sensitive information through electronic and socialengineering methods and recommends security fixes.

Sponsored Recommendations

NEW Low Profile, Ultra Compact Power Supplies

March 13, 2024
Learn more HERE about Altech's Power supplies!

Altech's Liquid Tight Strain Relifs Catalog

March 13, 2024
With experienced Product Engineers and Customer Service personnel, Altech provides solutions to your most pressing application challenges. All with one thought in mind - to ensure...

Industrial Straight-Through Cable Gland

March 13, 2024
Learn more about Altech's cable glands and all they have to offer for your needs!

All-In-One DC-UPS Power Solutions

March 13, 2024
Introducing the All-In-One DC-UPS, a versatile solution combining multiple functionalities in a single device. Serving as a power supply, battery charger, battery care module,...

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!