Tips on cyber protection from your employees

Just before the EU summit it became known that the EU Commission was under attack. This suggests a DDoS attack, but from this article in The Register it becomes clear that this is not a one-off. So what seems to have been going on? Are there ways to prevent computers from being infected through the actions of your own employees?

The EU attack
It looks like this has been an attack that was perhaps staged long ago, or staged over months, in the form of e-mails directed at individual Commission employees in the hope that they would open the attachment. This is the easiest way to infect computers: human negligence, or the curiosity to click on whatever is presented to people online.

This news implies that Commission computers may have been infected for months on end. Who knows what confidential policy and other information was passed on to …? What was found out about what or whom? Have individual Commission employees become subject to blackmail because of what was found on their computers? Yes, a very strange question. But what if? The hack would last long beyond the hack itself, wouldn’t it? We just don’t know. As always, Chinese government hackers are mentioned.

What if this was your organisation or company?
Imagine that your company was hacked. You just did. Too bad, you probably have to accept that you are or have been. From what I read it is almost common practice. If you are not hacked, you don’t have something which is worthwhile to someone, somewhere. If you are hacked, your systems are open to the world. This implies that someone, somewhere knows your secrets: the secret behind your product(s), confidential policy, reported conversations, etc., and maybe even your tender for that contract you really need. In short, the sort of knowledge you do not want your competitors or other governments to have.

Prevention measures at human level
There are innumerable software protection measures, and they can do a lot, but not everything: they cannot protect you from human failure. So how can an organisation secure itself against this sort of hack? Just looking at employees, I’d suggest considering measures like these:

If you are interested, contact me for 10 quick tips on how to proceed or a presentation to create awareness. denatrisconsult@hotmail.nl

Hacked computers are no exception
Of late, this sort of news is regularly found in the papers. Beware, this is only because, for whatever reason, it has recently become fashionable to report this sort of attack. They have been going on for years, as Richard Clarke shows in his book “Cyber War”.

This week U.S. CERT reported on cyber incidents in the U.S. (all sorts, I admit) for the fiscal year 2010. 107.000 plus is a lot, but beware, this is only what the U.S. government CERT was able to compile. Most companies do not report incidents, e.g. because they fear bad publicity. So figures may actually be much higher, spectacularly higher.

It looks like it happens all over the place, doesn’t it? Maybe it is time you started devising a policy on it.

Wout de Natris, De Natris Consult

Leiderdorp, 25 March 2011


About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blog’s name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions.
