{"id":2437,"date":"2013-02-21T00:00:00","date_gmt":"2013-02-21T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/21\/employees-may-be-a-companys-greatest-cybersecurity-vulnerability\/"},"modified":"2021-12-30T11:41:20","modified_gmt":"2021-12-30T11:41:20","slug":"employees-may-be-a-companys-greatest-cybersecurity-vulnerability","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/21\/employees-may-be-a-companys-greatest-cybersecurity-vulnerability\/","title":{"rendered":"Employees May Be a Company&#8217;s Greatest Cybersecurity Vulnerability"},"content":{"rendered":"<p>Apple Inc, disclosed a cyber attack Tuesday, which started when employees visited a website for software developers and inadvertently picked up malicious software that infected their computers. &#8230;  And in a recent report about hackers infiltrating systems at The New York Times, investigators came to suspect that employees opened malicious links or attachments contained in emails. In these and other cyber attacks on corporations and government agencies, employees often serve as gateways for intruders\u2014underscoring the need for better employee education about digital security, according to a new report by the data security solutions firm Trustwave.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201c[A]ll the security controls in the world are useless if an attacker can manipulate an employee with system access,\u201d according to the findings, which include an analysis of more than 450 data breach investigations in 2012. <\/p>\n<p>Whether thieves are after customer data or a company\u2019s intellectual property portfolio, employee email, mobile devices, network passwords, and social media can all open the door for an attack.<\/p>\n<p>The proliferation of smartphones and mobile apps presents another set of security worries, \u201cas these devices routinely connect to unknown networks every day,\u201d says Trustwave.  \u201cPosting one\u2019s place of work on Facebook might not seem dangerous,\u201d the report warns, \u201cbut when combined with co-worker connections on LinkedIn, pictures of office parties from FlickR and check-ins on Foursquare, an attacker can create a very detailed picture of the internal workings of a company without ever setting foot inside.\u201d <\/p>\n<p>All in all, the authors identified employee education as integral to any other cyber defenses, arguing that \u201cno policy enacted will have much impact if employees aren\u2019t on board (especially if they don\u2019t truly understand the consequences of their actions).\u201d <\/p>\n<p>\u201cThis awareness training must include case studies highlighting both obvious pitfalls (clicking on suspicious links) and not-so-obvious ones (posting company photos online in which staff members are wearing their security badges).\u201d <\/p>\n<p>Link: http:\/\/www.law.com\/corporatecounsel\/PubArticleCC.jsp?id=1202588933863&#038;Employees_May_Be_a_Companys_Greatest_Cybersecurity_Vulnerability&#038;slreturn=20130121081231<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2437","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2437"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2437\/revisions"}],"predecessor-version":[{"id":4924,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2437\/revisions\/4924"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}