It is not just little ol’ ladies who are scammed into pressing buttons which divulge confidential information about their bank accounts and credit cards. Anyone who uses a computing device is a target, in offices, warehouses, hospitals, retail outlets, colleges, or anywhere else there is connectivity. One of malware’s greatest strengths is security’s weakest link: the human factor.

Although the entire concept has been formalized and codified as social engineering, it is simply the vulnerability of the human condition:

• to respond intuitively to what appears to be authority, urgency, affability, or natural curiosity
• to become lax over time in following inconvenient security policies and procedures
• to delay as long as possible an admission of any wrongdoing which constitutes a breach of security

Yes, people are becoming smarter about what is malicious or what belongs on their systems. However, malware developers are also becoming smarter about launching attacks on the weakest points of the enterprise.

Here are a few simple steps to take to ensure the users in your business understand that security is not just a program installed and forgotten. Security is an ongoing function for which everyone has a responsibility:

• STRONG PASSWORDS for everyone can never be over emphasized
• implement, regularly review and consistently enforce security policies and procedures; a manual sitting on a shelf or shared drive is not enough
• keep on top of BYOD policies and the real threat of employees installing new side by side apps
• update security programs regularly before there is a breach
• promote continuous vigilance, making sure every user can identify indicators of a security breach and the need to report it immediately
• think before clicking

Common sense? Absolutely.

Does everyone use it? Not necessarily. Reminders are always in order.

Helpful Web Security Links
http://www.slideshare.net/NortonSecuredUK/september-2013-wsswebinar
http://www.slideshare.net/marianmerritt/the-norton-report-2013