Are you (your users) a Hack waiting to happen?
-
While this is a 'news' article, I thought I would drop it here for discussion...
Are you a hack waiting to happen? Your boss wants to know
Company sent out an email as a spoof to see if the users are a threat to security. They get a fake email in the article that tries to bring awareness of security risks.
This is also a point of sorts which SAM and I spoke about briefly yesterday. While onsite I needed passwords to new computers set up by a contractor. She hands me a mini notebook (pocket sized) which I later thumbed through.
There were 30 pages of userIDs and Passwords. True, several of them were only one place, but it remained that the information was right there.
What I didn't tell SAM at the time was, this is our Clinic - so these passwords would allow access to HIPAA regulated data. Riding the tails of the recent Anthem breach - this seems like an educational moment. Just glad I'm not in HR.
-
I think the term "user" equals "hack waiting to happen."
-
@scottalanmiller
If I could upvote that more than once I would... sadly I can't... but I agree. While I've been in IT about as long as you have (30 years) - at some level even I am a user... I just have better tools now.
-
Vote early and vote often!
-
@scottalanmiller Social engineering is a great way to get what you want. Buffer overflows and unescaped SQL queries can be patched; people wanting to be "helpful" is an aspect of our culture, and I imagine only by hiring the most irritating, least helpful people on the planet can you begin to really secure yourself against your own employees.