Cybersecurity: People Are Weakest Link
Source: Tom's Guide US | Keywords: Sophos, Security, Social, Network, Phish | Themes: The Internet
Using social networks on the job can be a big security risk.
Yesterday security company Sophos warned against websites hosting a viral video of ESPN's Erin Andrews. Today the company is reporting that people are the weakest link in cybersecurity. Why? Because of social networks such as Facebook, LinkedIn, Twitter, and MySpace. According to the Sophos Security Threat Report, criminals are "doubly" exploiting these websites, using them to identify potential victims and then attack them at work and at home.
The big concern is that employees share too much personal information on the social networks while on the job, thereby putting the entire network--including sensitive company data--at risk. "The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of by constant attacks that the websites are simply not mature enough to protect against," said Graham Cluley, senior technology consultant at Sophos.
A pie chart provided by the document reveals that 33.4-percent of employees questioned have been spammed on a social networking site; 21-percent have been phished, and 21.2-percent were sent malware. Imagine a co-worker loading up Twitter and then following a link to a phishing website, thus inadvertently providing a company username and password.
Sophos suggests that corporations should run web security solutions that check every link and webpage as it is clicked on to protect employees from malware and other suspicious activity. Sophos also added that corporations should consider allowing access to social networks during lunch, and apply multi-layered security at both the gateway and at the endpoint.
For the full report, read the PDF right here.
-
Previous News Article
Activision: Killing the... -
Next News Article
HP Develops Browser-Based Darknet
All those sites are outright blocked where I work so its a non-issue -- at least during working hours.
This is old news since dawn of man.
How about doing actual work instead of wasting time on sites like those? 33.4% of employees questioned were not doing their job.
Tell me something that I don't already know.
And yet some companies see the social networks as a job requirement *cough Bestbuy cough*.
old as dirt
Wait, you mean to tell me that spammers and hackers win because people are dumb? No way! Its M$ fault!
Yeah, lock quality has never been a problem, getting into anything just involves tricking the guard into opening it for you with the key.
I had a security class at my university and our teacher mentioned a survey (a while back so things hopefully have changed) where about 13% of people would have given their password to a coworker in exchange for a chocolate bar ... security starts at the user level.
BREAKING NEWS: HUMAN ERROR THE CAUSE OF MOST PROBLEMS
No s*** sherlock.
And yet some companies see the social networks as a job requirement *cough Bestbuy cough*.
I don't understand what you mean by that? Please elaborate on your reply so we dont all think you have half a brain.
lowguppy... yeah right... bumping has been a problem since the dawn of locks that the lock smiths tried to hide. The same parallel goes for software security. They hide it until they are busted before taking any action. LOL.
i dont use socal networks it isnt..... safe
I am extremely careful about posting anything sensitive to the one "social" site I use - LinkedIn. Personally, I do not see LinkedIn as a "social" site. I see it as a "professional" networking site that just might get me a job some day, and in fact, I likely would have found a job through there if I had not found my current job elsewhere first.
I do not use the other "social" sites. The whole world does not need to know every detail of my personal life. Besides, I have things that I consider more important.
I think some people are missing the point of this study. Whats happening is people putting there own information on the social sites and through that information you can exploit the company you work for in some way. AS an example, I have an employee ID. Even though it is not a company secret or classified in any way, the # combined with my full name could gain you access to even further information. I'd imagine a number of my coworkers throw there ID #s just about everywhere.
Can i get a job here stating the obvious?
All those sites are outright blocked where I work so its a non-issue -- at least during working hours.
if you were smart you could do it anyway.