Protect your business against dangerous information leaks

Feb. 9, 2006
Modern businesses are frequent targets for information thieves, people who know all sorts of ways of getting into a company's computer system and making off with account numbers, R&D secrets, employee information, and other valuable data.

Joseph Kirkpatrick
RavenEye Inc.
Tampa, Fla.


If you think your computer network is well protected against attack, you might be right. But your company may still be highly vulnerable. The reason: Many of us have not paid nearly enough attention to the biggest weakness of all — our employees.

Most employees are hardworking and loyal, and would never intentionally do anything to harm their employer. Even so, employees are often the weakest link when it comes to business security and to attacks from information thieves, experts typically referred to as "social engineers."

When we think of attacks on computer networks, we usually conjure up images of geeky whiz kids who know how to hack their way past sophisticated computer security systems. Hackers are certainly a big security problem, but a more likely attack may come from someone who uses simple but effective socialengineering techniques.

The SANS Institute, which specializes in information security training and certification, defines social engineering as a hacker's use of psychological techniques to get information from unsuspecting people needed to gain access to computer systems.

According to IDC, a global provider of market intelligence, advisory services and events for the information technology and telecommunications industries, businesses around the world will spend $45 billion in the coming year on information-technology security to help thwart hackers. But most of those same businesses will ignore the security dangers aimed at their employees, and a significant number of them will pay a heavy price for that inattention.

Without meaning to (or even really knowing what happened), employees can and do expose critical information to social engineers clever enough to ask for it in just the right way. And all of the expensive technology in the world can't address lapses in judgment or procedures.

Fortunately, companies can take steps to effectively prepare employees for social-engineering attacks. But it takes awareness, education, and training. Staffers can be trained to know what information is considered internal and confidential, and they can learn about such things as the proper disposal of documents and the careful utilization of remote-system access.

Employees who know what to look for can help minimize the risks posed by hackers and thieves who know all the tricks for stealing intellectual property and customer information.

RavenEye ( conducts real-world attacks on a company's sensitive information through electronic and socialengineering methods and recommends security fixes.

Sponsored Recommendations

A closer look at modern design considerations for food and beverage

April 9, 2024
With new and changing safety and hygiene regulations at top of mind, its easy to understand how other crucial aspects of machine design can get pushed aside. Our whitepaper explores...

Condition Monitoring for Energy and Utilities Assets

April 9, 2024
Condition monitoring is an essential element of asset management in the energy and utilities industry. The American oil and gas, water and wastewater, and electrical grid sectors...

Strategizing for sustainable success in material handling and packaging

April 9, 2024
Download our visual factory brochure to explore how, together, we can fully optimize your industrial operations for ongoing success in material handling and packaging. As your...

Fueling the Future of Commercial EV Charging Infrastructure

April 9, 2024
Miguel Gudino, an Associate Application Engineer at RS, addresses various EV charging challenges and opportunities, ranging from charging station design strategies to the advanced...

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!