Miss Zomboko
JF-Expert Member
- May 18, 2014
- 4,498
- 9,279
1. Clicking on e-mail attachments from unknown senders
Hopefully your user community has learned by now to avoid e-mail “stranger danger.” When it comes to attachments, if you don’t know who sent it, simply delete it. For that matter, it’s a good safety practice to ignore non-business-related attachments from people you do know. These attachments could have Trojans embedded in jokes or photos sent by unsuspecting friends. If the attachment is truly important, the person who sent it will follow-up with a phone call.
2. Installing unauthorized applications
Some employees take the phrase “personal computer” a little too literal, thinking they can install whatever they want on a company-owned PC. ITunes, instant messaging, screen savers and other fun utilities. Even if these applications are harmless, they must be discouraged as a violation of company standards.
3. Turning off or disabling automated security tools
Have you ever known a user to turn off or reschedule an automated virus scan or security update? In truth, we’ve probably all done it once or twice because the time of the scan or update just wasn’t convenient. Circumventing security measures, even in the name of productivity, simply can’t be allowed.
4. Opening HTML or plain-text messages from unknown senders
Not just attachments, but also regular messages from strangers can pose a danger. Increasingly, HTML documents are the source of spyware or executable code. Teach your users to be skeptical of every message – with or without attachments – from unknown sources. When in doubt, delete the message. If it’s important, the sender can follow-up again with another message or a phone call.
5. Surfing to gambling, porn or other dicey sites
Some people think that they have the right to visit any Web site, as long as it isn’t done on company time. Well, bucko, time isn’t the only resource of concern here. Many “vice” sites are known to place Trojans on visitors’ computers in drive-bys.
6. Giving out passwords, tokens or smart cards
Despite years of warning users to closely guard their passwords, about one in three people admit to writing their password on a piece of paper stored near the PC. The irony is that network administrators force users to adopt passwords that can’t be remembered – ones with numbers, symbols, capital letters and at least eight characters. When a user fears forgetting his password, he writes it down, creating a new vulnerability.
7. Random surfing of unknown, untrusted Web sites
See No. 5 above. Adware. Spyware. Trojans. Surf some of those fun Web sites for a bit of entertainment and you could get more than you expected. Even MySpace sites are a new danger for depositing unwanted malware onto PCs.
8. Using any old Wi-Fi network
That Internet cafe with the free Wi-Fi might be a fun place to hang out, but you have no idea who could be intercepting your data from such a network. Make sure that users at least have a personal firewall on the laptop before jumping on a wireless network operated by an unknown source.
9. Filling out Web scripts, forms or registration pages
Register to get this free download or to subscribe to that newsletter. The question is, who is capturing your personal information?
10. Participating in chat rooms or social networking sites
Who hasn’t been invited to join LinkedIn or a similar social network? Social engineers – those who gather information about you to garner your trust – love these kinds of sites. They learn enough about you and your colleagues to earn your trust and get you to reveal additional personal information.
For years we’ve enjoyed relatively safety in conducting business and personal activity on the Internet. Unfortunately, we now need to give up some of our habits and activities, or at least get smarter about what we do, to protect our identities, our resources and our assets.
Hopefully your user community has learned by now to avoid e-mail “stranger danger.” When it comes to attachments, if you don’t know who sent it, simply delete it. For that matter, it’s a good safety practice to ignore non-business-related attachments from people you do know. These attachments could have Trojans embedded in jokes or photos sent by unsuspecting friends. If the attachment is truly important, the person who sent it will follow-up with a phone call.
2. Installing unauthorized applications
Some employees take the phrase “personal computer” a little too literal, thinking they can install whatever they want on a company-owned PC. ITunes, instant messaging, screen savers and other fun utilities. Even if these applications are harmless, they must be discouraged as a violation of company standards.
3. Turning off or disabling automated security tools
Have you ever known a user to turn off or reschedule an automated virus scan or security update? In truth, we’ve probably all done it once or twice because the time of the scan or update just wasn’t convenient. Circumventing security measures, even in the name of productivity, simply can’t be allowed.
4. Opening HTML or plain-text messages from unknown senders
Not just attachments, but also regular messages from strangers can pose a danger. Increasingly, HTML documents are the source of spyware or executable code. Teach your users to be skeptical of every message – with or without attachments – from unknown sources. When in doubt, delete the message. If it’s important, the sender can follow-up again with another message or a phone call.
5. Surfing to gambling, porn or other dicey sites
Some people think that they have the right to visit any Web site, as long as it isn’t done on company time. Well, bucko, time isn’t the only resource of concern here. Many “vice” sites are known to place Trojans on visitors’ computers in drive-bys.
6. Giving out passwords, tokens or smart cards
Despite years of warning users to closely guard their passwords, about one in three people admit to writing their password on a piece of paper stored near the PC. The irony is that network administrators force users to adopt passwords that can’t be remembered – ones with numbers, symbols, capital letters and at least eight characters. When a user fears forgetting his password, he writes it down, creating a new vulnerability.
7. Random surfing of unknown, untrusted Web sites
See No. 5 above. Adware. Spyware. Trojans. Surf some of those fun Web sites for a bit of entertainment and you could get more than you expected. Even MySpace sites are a new danger for depositing unwanted malware onto PCs.
8. Using any old Wi-Fi network
That Internet cafe with the free Wi-Fi might be a fun place to hang out, but you have no idea who could be intercepting your data from such a network. Make sure that users at least have a personal firewall on the laptop before jumping on a wireless network operated by an unknown source.
9. Filling out Web scripts, forms or registration pages
Register to get this free download or to subscribe to that newsletter. The question is, who is capturing your personal information?
10. Participating in chat rooms or social networking sites
Who hasn’t been invited to join LinkedIn or a similar social network? Social engineers – those who gather information about you to garner your trust – love these kinds of sites. They learn enough about you and your colleagues to earn your trust and get you to reveal additional personal information.
For years we’ve enjoyed relatively safety in conducting business and personal activity on the Internet. Unfortunately, we now need to give up some of our habits and activities, or at least get smarter about what we do, to protect our identities, our resources and our assets.
