Monday, September 26, 2011

WSJ says naive employees make themselves targets for corporate hackers, both with "professional" blogs and with at-work behaviors

Geoffrey Fowler has a stinging article in today’s Wall Street Journal, indicating that the biggest security threat for most firms is gullible and loquacious employees (“YOU”), with the link here. Webroot tweeted this link today.

I was surprised to read how easily employees are fooled by phishing attacks from the outside and click on links. But when I worked for ING-ReliaStar-USLICO, most of the emails I received were internal. In fact, until about 1995, most of the emails came on the mainframe from SYSM (as a CICS region).

One issue is how much information employees post themselves, even for “professional” purposes on sites like LinkedIn.  Blogs are an issue, but social networking sites like Facebook and Twitter may pose less of a targeting risk than the more “professional” ones.  Employers would need to consider these exposures with their blogging policies.

Customer service workstations could get infected by trojans that would scrape personal information from clients or customers in the general public. 

At ING, we actually were infected with a virus called “Magister” three business days before 9/11 in 2001, and my work station remained clean. It was a big deal, but it would all be forgotten the following Tuesday.

No comments: