Weakest links are your staff



Kevin Mitnick, who was jailed after he stole the source code for Sun's Solaris operating system and hacked Tsutomu Shimomura's computers, reckoned that 70% of his successes as a hacker were down to manipulating people into supplying information, and only 30% relied on technical skills.

Humans are information-sharing animals - someone comes to you for help and you try to oblige. And most of the time you are not really paying attention, which is what salesmen and con artists rely on. The most obvious example of this is charity collections. A recent field test showed that collections for a bogus charity called "lags anonymous" succeeded in collecting money on the street in spite of stating clearly that its aim was to fund the escape of criminals.

Most business IT users have no idea that they are responsible for critical business assets (data), and have no understanding of the systems they use or the associated hazards.

An associate recently commented that Unix must be more robust than Windows because in 30 years he had seen fewer viruses damaging Unix systems. This ignored the fact that, until about five years ago, you could not really use Unix unless you were fairly technical, whereas the whole drive of Windows development has been to make it easier for ordinary people to use.

The greatest contributor to the apparent insecurity of Windows is the ignorance of users. So, train your users in the basics of responsible, security-conscious computing, and get them to be street-wise about parting with information. Or suffer the consequences.

Mike Barwise is a consultant at www.computersecurityawareness.com/


This was first published in September 2002

