Biggest Security Risk: Your Employees

"Bad guys" now target not just employees, but executives and their families. Reports published recently suggest that malicious e-mails have begun to specifically target executives by name and title, and even family members have received messages via their own personal e-mail accounts. This suggests malware writers are researching specific victims instead of sending random spam and virus messages in a shotgun approach.

The goal of these malware authors, today often associated with organized crime, is to get the recipient to open the malicious e-mail attachment or click the link in the e-mail, in order to install malware on the employee's PC. One such example is a keylogger, a program that records keystrokes, including account numbers and passwords, or even just proprietary data being typed into a letter or spreadsheet. The attackers' hope is that if the malicious e-mail contains the recipient's name or other business information, the recipient will be more likely to open it. They also hope that a single message sent to a single person is less likely to be detected by a spam filter.

Besides targeted e-mail, other security risks bombard users every day. Attackers can use other technologies like instant messaging programs and peer-to-peer file sharing networks to trick users into sending or sharing files with sensitive data. Rarely do companies scan the contents of outgoing e-mail attachments.

By far the best weapon against malware is an educated user. Even if your company has an Internet access policy, employees must still be trained to adhere to it and to use common sense. If a complete security training session seems overwhelming, try moving in stages. Start by teaching staff what makes a good password and how to protect it. Once that has been put into practice, meet again later to discuss how to handle things like e-mail attachments or pop-up ads.

August 2007
