BreachExchange mailing list archives
5 Things Your Average Employee Doesn't Know About IT
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 10 Aug 2018 09:30:36 -0400
http://it.tmcnet.com/topics/it/articles/2018/08/09/439080-5-things-average-employee-doesnt-know-it.htm

5 Surprisingly Basic IT Truths Your Average Employee Doesn’t Know

When you’ve spent a career working with computers, networking systems, and the internet, it’s hard to imagine that there are people out there who know absolutely nothing about the most basic topics and issues. While merely problematic most of the time, this lack of knowledge – which is typically more naivety than stupidity – can end up being quite dangerous. All it takes is one or two slip-ups and a minor problem can become a major hassle or security threat.

You won’t always know where your employees are insufficient until an issue presents itself, but you may be able to get ahead of things a bit by addressing the following commonly misunderstood topics.

1. Email Attachments Aren’t Always Safe

While less popular now than they’ve been in the past – thanks in large part to the evolution of social media as the primary platform for sharing ideas and content – email attachments are seriously misunderstood. The average person assumes that, if sent by a friend or colleague, an email attachment is safe to download. (The same goes with links sent in the body of an email.) However, as you are well aware, email attachments are actually one of the common vehicles through which computer viruses are spread.

Aside from teaching employees common sense – like don’t download a random attachment from a sender you don’t know – it’s also smart to educate them on how to identify high-risk situations. For example, it’s never a good idea to download an attachment with an .exe file extension unless you’re positive about what it is and where it came from. Little bits of information like this can prove to be enormously helpful.

2. Computers Can Spy On You

Most people think that their computers and devices are safe, so long as they don’t download viruses or browse unsafe websites. But what the average employee doesn’t know is that an infected computer can actually be used as a tool for spying.

Whether via an email attachment or some other method of infiltration, hackers can actually gain access to the cameras on computers and then use them to spy on unsuspecting users. In the private sector, this spying is often used for entertainment or sexual exploitation. In the business world, the spying can reveal trade secrets or serve as a method for launching a separate attack.

In addition to teaching internet users to avoid high-risk scenarios, it’s wise to educate them on the basics of covering their cameras.

“Unless you are using video chat or taking photos, your camera should be covered to protect against hackers and perverts,” InMyArea.com explains. “If you forgot to cover your camera, be aware of when your camera light is on. If you are not using a video or photo-based application even if a window pops up saying your webcam is ‘running tests,’ this light should not be on.”

This may seem like a minor issue, but it’s becoming much more pervasive. The better you are at heading off these issues, the fewer problems you’ll face.

3. Simple Passwords are Easy to Crack

Strong passwords are vital in today’s hostile cyber landscape. The problem is that very few employees understand the significance (or know what it looks like to practice good password hygiene). Helping them understand passwords and how they often set off a domino effect when compromised will increase your security.

One good rule of thumb is to require employees to change their passwords every so often – perhaps every 60 or 90 days. You should also prohibit repeat passwords and require a combination of characters. At the very least, this will remove the low hanging fruit that hackers like to go after.

4. Deleting Search History Isn’t Enough

Most employees think they’re using their computers and other internet-connected devices in anonymity. What they don’t realize is that you’re watching. Not in a creepy way, but in a manner that looks out for the best interests of the company.

Some employees will think they can search for questionable things on the internet – such as pornography, job offers, or gaming sites – and then delete their history. What they don’t know is that you still typically have access to this information.

Let employees know early and often that you can see what’s happening on their computers. Not only will this hopefully cut down on frowned upon behaviors, but it could actually increase productivity.

5. Software and Application Updates Matter

Does your average employee know that the two most likely reasons a computer or user will get exploited is due to unpatched software or some sort of social engineering event where an individual is tricked into installing something they shouldn’t? In fact, these two issues account for nearly 100 percent of all risk for a company or one of its users.

Employees need to know that software and application updates – as annoying as they may be – aren’t voluntary or insignificant. In fact, if they don’t install these updates as they come out, they could be opening the company up to massive risk. The more you drive this idea home, the more they’ll take it seriously.

The Role of Education in Corporate IT

In a large corporation, the IT department has more responsibility than it realizes. In addition to maintaining the proper systems and keeping the company’s network and hardware in tip-top shape, your department should also be investing in education.

Education can happen in a variety of capacities and formats. Some of it is very informal, such as making an offhand comment when you observe an employee do something inefficient or wrong. Other education is quite formal – often happening in the form of courses, classes, lectures, tutorials, and/or hands-on training.

However you choose to implement it is your choice, but make sure you aren’t taking basic information and security practices for granted. Not everyone has an IT background and certain things that you believe to be common sense are actually misunderstood by most employees. Think about this as you develop new and advanced security strategies for your company.