Protect your business against dangerous information leaks

Feb. 9, 2006
Modern businesses are frequent targets for information thieves, people who know all sorts of ways of getting into a company's computer system and making off with account numbers, R&D secrets, employee information, and other valuable data.

Joseph Kirkpatrick
President
RavenEye Inc.
Tampa, Fla.

 

If you think your computer network is well protected against attack, you might be right. But your company may still be highly vulnerable. The reason: Many of us have not paid nearly enough attention to the biggest weakness of all — our employees.

Most employees are hardworking and loyal, and would never intentionally do anything to harm their employer. Even so, employees are often the weakest link when it comes to business security and to attacks from information thieves, experts typically referred to as "social engineers."

When we think of attacks on computer networks, we usually conjure up images of geeky whiz kids who know how to hack their way past sophisticated computer security systems. Hackers are certainly a big security problem, but a more likely attack may come from someone who uses simple but effective socialengineering techniques.

The SANS Institute, which specializes in information security training and certification, defines social engineering as a hacker's use of psychological techniques to get information from unsuspecting people needed to gain access to computer systems.

According to IDC, a global provider of market intelligence, advisory services and events for the information technology and telecommunications industries, businesses around the world will spend $45 billion in the coming year on information-technology security to help thwart hackers. But most of those same businesses will ignore the security dangers aimed at their employees, and a significant number of them will pay a heavy price for that inattention.

Without meaning to (or even really knowing what happened), employees can and do expose critical information to social engineers clever enough to ask for it in just the right way. And all of the expensive technology in the world can't address lapses in judgment or procedures.

Fortunately, companies can take steps to effectively prepare employees for social-engineering attacks. But it takes awareness, education, and training. Staffers can be trained to know what information is considered internal and confidential, and they can learn about such things as the proper disposal of documents and the careful utilization of remote-system access.

Employees who know what to look for can help minimize the risks posed by hackers and thieves who know all the tricks for stealing intellectual property and customer information.

RavenEye (www.RavenEye.com) conducts real-world attacks on a company's sensitive information through electronic and socialengineering methods and recommends security fixes.

Sponsored Recommendations

Flexible Power and Energy Systems for the Evolving Factory

Aug. 29, 2024
Exploring industrial drives, power supplies, and energy solutions to reduce peak power usage and installation costs, & to promote overall system efficiency

Timber Recanting with SEW-EURODRIVE!

Aug. 29, 2024
SEW-EURODRIVE's VFDs and gearmotors enhance timber resawing by delivering precise, efficient cuts while reducing equipment stress. Upgrade your sawmill to improve safety, yield...

Advancing Automation with Linear Motors and Electric Cylinders

Aug. 28, 2024
With SEW‑EURODRIVE, you get first-class linear motors for applications that require direct translational movement.

Gear Up for the Toughest Jobs!

Aug. 28, 2024
Check out SEW-EURODRIVEs heavy-duty gear units, built to power through mining, cement, and steel challenges with ease!

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!