When we put together a security plan and offer IT security solutions, most companies expect us to come back with 1’s and 0’s. They expect us to say “you need this type of code, this type of patch, and then you’re going to be much safer.” And while we most certainly offer information security services that have to do with improving cyber security, the “social” security isn’t something most companies are expecting to hear.
Of course we’re not talking about the social security you’re most familiar with. We’re talking about the mistakes that occur due to human fallibility. Most companies don’t think about this enough; after all, they only hire the best. But being the best at a job doesn’t mean that the average worker won’t make mistakes when it comes to security. Let’s take a look at some of the problems we can reduce that take advantage of social engineering.
The Friendly Door Holder
People want to be friendly. And even if they’re not actually friendly, they like to appear friendly. Either way, there’s a good chance that they’re going to hold the door open for someone who’s carrying too many packages, even if they don’t know the person and don’t see a name badge. At that point, the wrong person is in the building.
You might think this is far-fetched, but this is exactly what we do when we stop by and physically test your security. We have gained access to restricted areas that we’re not allowed to divulge, all because employees are friendly and helpful. And while that’s a great employee attitude in some aspects, it’s important that they follow proper security measures and not be overly friendly at security doors.
The Password Displayer
Most people have a dozen or more passwords in their private lives. Having even more at work just confuses them. Constant password changes might improve security, but it makes it even more difficult to remember new passwords. After contacting IT so many times and admitting to their forgetful nature, many employees become embarrassed and instead write their passwords down. And all too often they write it down on a sticky note and affix it to their computer monitor.
During our security overview, we’ll enter your building (thanks to the friendly door holder mentioned above) and then walk around looking for all of these passwords. Once we make our report you’ll realize just how big a problem this is.
The Email Opener
Chances are your business’ efficiency would drop exponentially without email. And while this simple tool is incredibly useful, few companies take the necessary precautions to warn employees as to how it can introduce huge security concerns. Teaching them the best ways to spot a bogus email, even if appears to come from inside the company, can go a long way to improving cyber security.
What Can Be Done?
To fix many of these problems, you can call a company that surveys your social engineering breaches and reports back to you on how they can be overcome. You need an internet security company that goes beyond the network and servers and provides training that increases employee awareness of the tricks that are used to break down security procedures. After such training your security concerns at the employee level will drop considerably.
“In any organization, the weakest link in the security chain is often the level of security awareness of the people who work there.” It’s not from the FBI’s website or Google’s server farm…it’s from our page on social engineering! We think it sums everything up perfectly. If you want to learn more about how you can improve the security risks that your employees introduce to your business, simply click that link and then contact Ingalls Information Security.