Info within limits

by Mark Rowe

Rob Chapman is Director of Security Architecture at the US-based network security company Cybera, which has a UK office in Slough. His advice: design your networks to limit access to only what’s needed. He writes:

“I asked a colleague once if he would be willing to speak to our IT department at a lunch and learn event. He was a security professional who was hired to hack companies. He readily agreed and promptly showed up with one of the most memorable presentations I’ve seen. The presentation was simply titled, ‘How I Will Phish You.’ It wasn’t a question of if he would be successful. It was simply understood he would be. He wouldn’t get everyone, but he would get some — and that was all that mattered.

“What was remarkable about his presentation was that it wasn’t a story of how he used super-computer hacking skills to tackle exotic computer programming issues. Rather, it was a story of how people over the last 15 years have become so desensitized to putting personal information online for free that it was simply the easiest way to attack companies. His job gets easier each and every year simply because the hardest part of securing our personal and work lives depends on the weakest security facet we face: people. We’ve been playing to lose.

“Since the mainstreaming of computers in the workplace I can’t think of a single time when someone’s online behavior impacted a company’s security posture as much as it does today. It’s a tough landscape to navigate. You can warn your colleagues, but at the end of the day there’s only so much reasonable reach you can have with company policy.

“It’s easy to think this is just a matter of personal responsibility, but I think people give themselves too much credit for independent thinking and action in the face of aggressive marketing efforts to solicit personal/confidential information from them. There’s no barometer for what to share. No intuition. Billions are spent each year building algorithms designed to attract this exact kind of over-sharing. Each social media platform for work and life wants to know where I am, where I’ve been, my relationship status, my work status, where I’ve eaten, what I like, who I vote for, and on and on. We’re rewarded with faster connections online and platforms that cater ever more carefully to what we desire. The most insidious part is that it’s become so automatic that we don’t even stop to ask, ‘Is this really a good idea?’

© 2024 Professional Security Magazine. All rights reserved.