It isn't news that employees are a major factor when it comes to security woes. Many don't know or fully understand their company's security policy. They download applications without permission. They use USB sticks without a second thought and lose them or bring a virus from their home computer to the office. And so on.
Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
So, it was interesting to read about a test the Department of Homeland Security conducted. The plan, apparently, was to see how difficult it would be for hackers to get into a computer network via employees. Apparently, it isn't too difficult. According to Bloomberg:
Staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.
Ray Bryant, CEO of Idappcom, believes the test results show that not only can company employees not be trusted with security, but it also shows that you cannot rely on staff installing IT security systems properly. He said:
Whilst many IT security professionals do install their IPS, IDS, UTM and firewall systems effectively, as well as configuring them correctly, there is a sizeable minority who do not, largely due to a lack of effective training.
And this leads to how to identify incorrectly configured systems. Bryant said:
The answer is automated and effective auditing of the security appliance and allied systems, which then assists the IT security management about which areas of network/IT system security need tightening up on.
Another way to address the problem is to reconsider the use of USB sticks, and not just by making stricter policy of who can use them in house. As this piece in The Wall Street Journal so aptly puts it:
As an aside, it is now common practice for companies to distribute their press releases and other press materials on USB sticks handed out to journalists at events. Just saying.