One Employee Click Can Kill Your Company
Stu at KnowBe4 documents 5 ways an employee can bring your company to its knees with just one click.–PC Pitstop
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
Five Ways Your Employees Can Kill Your Company
One – Insider Threat: Stealing valuable information for either profit or idealistic motives. Examples: Software developers taking home code for their next job, sales people downloading customer databases and move to the competition, and then there are whistleblowers like Snowden who can destroy your reputation whether you deserve it or not. The Insider Threat can be mitigated by thorough attention on the Policies, Procedures & Awareness layer of your “defense-in-depth” model, focused on granular access control, data leak prevention and compartmentalization of data.
Two – Allow access to a restricted area: You’d be surprised how easy it is to walk into a building with nothing else than a clipboard and a falsified ID. Penetration testers use this social engineering trick all the time with great success. People instinctively want to help other people; they are courteous opening doors with a friendly smile. How about that smoking area at the back of the building, someone standing there could easily piggyback in with some other smokers returning to work. Who knew the person they let in was a hacker that installed a keylogger on the PC of the CFO? Policies and Procedures are again the determining factors in these cases. Employees need to be trained or you will feel the pain.
This excerpt appears with permission from knowbe4.com.