Continuing the employee security awareness thought (the weakest link), the WSJ article discusses other areas.
Hackers looking for corporate data are targeting personal email. Some employees prefer the ease and features of private email accounts such as Gmail and Yahoo Mail, so they forward some work email to them. Not a good idea. Many personal email services do not offer the same level of protection against malware and phishing that employees get in their corporate environment.
Social media services: rogue employees can do damage. The decentralized nature of social media poses threats ranging from leaked announcements and trade secrets to brand violations.
Consumer gadgets such as smartphones and tablets also carry the risk of introducing unknown security holes into corporate networks. How do you ensure that whatever device is coming in isn't already infected or isn't going to expose other resources?
After the spear-phishing attack at RSA this spring, the company finalized plans to purchase a firm called Netwitness, which monitors network traffic to look for suspicious patterns. Others have invested in technology that tries to segregate employee-generated network activity (from a personal iPad, for example) into a separate network.
Employee vigilance is key. Some organizations regularly send reminder emails about best practices, such as never emailing a company username and password. Others run regular spear-phishing attacks against their own employees to teach them to be more aware.
Nancy Sykora
Sr. Account Executive