Network Security and Social Engineering

Every day my inbox is flooded with invitations to read, listen to or participate in events associated with network security.  

 

I read about companies that have been hacked - big companies that spend millions on security and have hundreds of technicians trying to ward off intrusions.  Sometimes it’s friendly fire that causes the problems.  The Target hack a few years ago was caused by an HVAC contractor that did work for Target.  They had access to the Target systems and they were hacked because they couldn't spend the millions Target did on security.

 

I listen to webinars with names like “Network Security and Hacking Preview” and “How to Prevent Ransomware in Healthcare”.  Ransomware is sweeping the world.  It’s a malicious program that bad guys install on a network that is unprotected and it locks up files and folders so they can no longer be accessed.  After a short time, the program pops up to let the user know that for a small amount - $300 for small businesses $10,000 or more for larger ones - -they will provide a key to unlock the files.  And they do - after payment.  It’s a big problem and it’s growing because of it’s simplicity.

 

And of course, there are the conferences headlined by “experts” that will introduce new hardware, software and other tools that will make the network safe -er, not completely safe.  That’s because there’s a component that no tool can solve - people.

 

More than half of company intrusions are caused by employees being careless with incoming emails, infected websites and contact with unknown individuals.  This is called social engineering. Employees need to be trained on a regular basis by management - do not open emails from unknown senders, do not open attachments or click links in emails sent by reputable companies - UPS, AMAZON, FEDEX.  These are easily manipulated to look real and can cause real trouble.

 

The great thing about employee training is that two person companies can afford to do it.  There should be no excuse for not explaining the dangers of seeming innocent actions by great employees that can cause real damage. And if you’re uncomfortable with the training,there are companies that can do it for you.