Employees Are The Biggest Computer Security Threat

The average computer user doesn’t have a clue about computer security and does a very poor job of securing their own home computer. Why would an employer expect them to put forth any more effort while at work? They can’t, which is why the employer has to take security into their own hands and, for starters, lock down the computer. According to the latest InfoSecurity study, nearly 90% of office workers will give up their password if you give them a cheap pen (or candy or any other trinket, I am sure). Social engineering works; some people just need to be asked a question and they will answer.

So how should an employer prevent their employees from opening them up to vulnerabilities? Education seems to be the easy answer, but I have found that the average employee doesn’t really want to be educated. An employer can send them to training, but unless they are tested and held accountable for the results, the training is useless.

The latest study involves a person on the street handing out CDROMs to people, telling them the discs contained a special “Valentine’s Day Promotion.” Seems strange to me, but apparently not to the average person. Many people simply went back to their office and loaded the CD into their computers, where, instead of a Valentine’s Day promotion, it sent the researchers a note including the installation location. So, now all you malicious hackers know how to get your software installed inside big companies. Just give them a free CDROM and some fake story about a promotion or some other free offer.

So as the employer, you have to protect yourself by hiring very good network administrators and computer security professionals. They may be expensive, but they are well worth the money. If you are a small company and cannot afford full-time professionals, then you can outsource talent or bring in a consultant. If you want to take matters into your own hands, then some easy things to do are:

  • Promote computer security awareness
  • Implement appropriate policies and related controls (and enforce them!)
  • Don’t allow software installation of any kind (except by IT professionals)
  • Shut down all network ports that aren’t required for the business (IM, P2P, media streaming, etc…)
  • Routinely scan for vulnerable ports
  • Block web access to personal email (to prevent outside malicious software such as viruses and worms)
  • Require passwords and stricter password complexity
  • Restrict system permissions to mitigate vulnerabilities (only IT professionals should have full access to the system)
  • If you are using MS Windows XP turn on automatic updates
  • Use a corporate antivirus application and turn on automatic updates
  • No personal media added to the system (music, data CDs, etc…)
  • Use a third party browser such as Firefox or Opera
  • If you are using MS Windows OS then run two or more Anti-Spyware applications such as Microsoft’s Windows Defender or Webroot’s Spysweeper
  • Back up all crucial data often (I usually recommend keeping a copy onsite and offsite)
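Several items on the list above can be verified rather than taken on faith. The following audit script is an added example, not code from the original post; it assumes Windows 7 or later with PowerShell 3+, run from an elevated prompt on the workstation being checked, and reports whether AutoRun (the CDROM trick), automatic updates, password length, application control and the local Administrators membership match the checklist.

```powershell
# Added example (not from the original post). Assumes Windows 7+ with PowerShell 3+,
# run elevated. Each check maps to one item in the checklist above.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-WorkstationBaseline {
    $findings = @()

    # "No personal media added": NoDriveTypeAutoRun = 0xFF disables AutoRun on every
    # drive type, so a "promotion" CD cannot launch anything by itself.
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    $findings += [pscustomobject]@{ Control = 'AutoRun disabled on all drives'
                                    Pass = ($autorun -eq 0xFF); Value = $autorun }

    # "Turn on automatic updates": policy AUOptions 4 = auto download and schedule install,
    # and NoAutoUpdate must not be set to 1.
    $auPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au     = Get-RegValue $auPath 'AUOptions'
    $noAu   = Get-RegValue $auPath 'NoAutoUpdate'
    $findings += [pscustomobject]@{ Control = 'Automatic updates enforced by policy'
                                    Pass = ($au -eq 4 -and $noAu -ne 1)
                                    Value = "AUOptions=$au NoAutoUpdate=$noAu" }

    # "Stricter password complexity": read the effective minimum length from `net accounts`.
    # The threshold of 12 is this example's assumption, not a value from the post.
    $minLen = [int]((net accounts | Select-String 'Minimum password length') -replace '.*:\s*', '')
    $findings += [pscustomobject]@{ Control = 'Minimum password length >= 12'
                                    Pass = ($minLen -ge 12); Value = $minLen }

    # "Don't allow software installation": count rules in the effective AppLocker policy.
    # Zero rules (or no AppLocker cmdlets at all) means nothing stops a user-run installer.
    $ruleCount = 0
    try {
        $ruleCount = ((Get-AppLockerPolicy -Effective).RuleCollections |
                      ForEach-Object { $_ } | Measure-Object).Count
    } catch { }
    $findings += [pscustomobject]@{ Control = 'AppLocker rules in effect'
                                    Pass = ($ruleCount -gt 0); Value = $ruleCount }

    # "Only IT professionals should have full access": list who is a local administrator.
    $admins = net localgroup Administrators |
              Where-Object { $_ -and $_ -notmatch '^(Alias|Comment|Members|---|The command)' }
    $findings += [pscustomobject]@{ Control = 'Local Administrators (review manually)'
                                    Pass = $null; Value = ($admins -join ', ') }
    return $findings
}

Test-WorkstationBaseline | Format-Table -AutoSize -Wrap
```

A failed AutoRun or update check is a one-line Group Policy fix; the Administrators list is reported rather than judged because only the organization knows which accounts belong there.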

Finally, most employers watch and track network usage, but few seem to do anything about misuse. The Internet is one of the best tools a business has at its disposal, but it is also one of the largest killers of productivity and the most misused resource.

I had a reader reach out and provide an outstanding password generator, I’ve checked it out and like it… give it a try here:
