Posted by: Jeremy Benisek (CyberAxe) Don't Panic Business Technologies | September 14, 2013

Business Owners and Managers: Help stop social scams and hacks – ask questions and talk to each other.

With so many scams and social hacks out there it’s important to ask questions, verify information and talk to your fellow employees. It’s ok to ask the IT Department if this person should be here or not.

It’s not difficult to get a uniform and act like a blue-collar worker, so please don’t trust everyone coming in the door saying “Hey, I’m from… It’s critical I fix this… They said you’re losing money…”

Verify they should be there and were requested. Set up standards: whoever runs the service doors or front door should have a “who’s visiting today” list. Make sure to notify these people of service calls in advance: who’s coming and why, and where they should and shouldn’t be!

The only defense against a “can make up anything” attack is to inform your staff and make sure they understand it’s ok to ask questions and verify. If the visitor starts saying “I don’t know…” and playing dumb, something’s wrong. This is an exclusive party: you’re on the list or you don’t get in.

Never leave service staff alone! If they ask you to get some water for them, have another employee get it; you should stay with them the entire time they are there. Most serviceable areas are server rooms, and it only takes a second to insert a USB drive and that’s it. You might never even know it happened.

“It’s locked” is NEVER an acceptable excuse! A large number of locks are pickable in seconds, so do not be cheap on your security equipment.

If you use sign-in sheets, and you should, then verify the information in real time. Be proactive. Ask for a supervisor’s contact info on the sign-in form.

The delay caused by verifying is worth it compared with the liability and possible loss of tens if not hundreds of thousands of dollars due to very simple oversights in security.

Some Q/A

  • Q. Do you have competition? A. Who doesn’t!
  • Q. Would they benefit from your customer lists? A. Yes
  • Q. What if your server “crashed”? But I use an external backup drive…? A. Which is next to the server, right?
  • Q. But they wouldn’t do something like that… A. How much money is on the line?
  • Q. Have you ever fired or laid anyone off? A. Who hasn’t. Were they happy about it? Do they know your lack of security?
  • Q. Have you angered a customer? A. Hope not because the tools for revenge are fierce these days.

If you don’t respect your customers because it’s good business, you should respect them because they could cause you a world of trouble. In an age where 10-year-olds can get their hands on viruses and all manner of scripts, you should control your staff, educate them and empower them to make decisions and verify first.

There are people on this planet who will destroy your servers just because they can; you must take responsible actions to protect your physical and virtual security.

Also included in this is a phone call and information release policy. Someone calling for the owner’s full name, birthday and mother’s maiden name might raise alerts from some staff, but what if it’s done one call at a time to different staff members? You should not give out any information unless you verify. The information approved by marketing and legal should already be public on the company website and can be accessed there. Otherwise, all requests for information should be in writing or by email. This way there is a trail and at least some process and chance to stop or prevent it. It’s much easier to call and ask questions than to come into the office.

Here’s an example. Your staff gets a call from the owner’s veterinarian office needing to get the name of the pet due to a computer error. The staff is more than happy to suggest a few different names they think it might be. This can then be used to recover the owner’s passwords on a range of websites.
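Once every information request is written down, the trail can be checked as a whole instead of one call at a time. The sketch below is an added example, not part of the original post; the log layout, field names, threshold and look-back window are assumptions to adapt to your own information release policy.

```python
from collections import defaultdict

# Fields that are harmless alone but enable account recovery when combined
# (assumed list; adjust to your own information release policy).
SENSITIVE = {"full_name", "birthday", "mother_maiden_name", "pet_name"}
THRESHOLD = 3    # assumed: distinct sensitive fields about one person
WINDOW_DAYS = 7  # assumed: look-back window in days

# Constructed request log: (day, staff member who took the request, channel,
# person the request is about, field requested, requester verified?)
REQUESTS = [
    (1, "reception", "phone", "owner", "full_name", False),
    (2, "accounting", "phone", "owner", "birthday", False),
    (2, "sales", "email", "owner", "office_hours", True),
    (4, "warehouse", "phone", "owner", "pet_name", False),
    (5, "reception", "phone", "manager", "birthday", False),
    (20, "sales", "phone", "owner", "mother_maiden_name", False),
]

def flag_piecemeal_requests(requests, threshold=THRESHOLD, window=WINDOW_DAYS):
    """Return alerts for people whose unverified sensitive requests,
    pooled across all staff, reach the threshold inside the window."""
    by_subject = defaultdict(list)
    for day, staff, channel, subject, field, verified in requests:
        if field in SENSITIVE and not verified:
            by_subject[subject].append((day, staff, field))
    alerts = []
    for subject, events in by_subject.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start < window]
            fields = {f for _, _, f in in_window}
            staff = {s for _, s, _ in in_window}
            if len(fields) >= threshold:
                alerts.append({"subject": subject, "fields": sorted(fields),
                               "staff": sorted(staff), "first_day": start})
                break  # one alert per person is enough
    return alerts

if __name__ == "__main__":
    for alert in flag_piecemeal_requests(REQUESTS):
        print(alert)
```

No single staff member in the constructed log took more than one sensitive request about the owner, which is why the check has to pool the log across everyone.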

This is also a good reason why, when filling out password recovery questions, you shouldn’t use facts or real information. Make up a set of standard security answers that only you know: a Security Pet’s name, a Security Birthday, a Security favorite food. You should never use any information anyone would or could find out.

Never use maiden names or parents’ names. Under the Freedom of Information Act most government records are public. It’s critical in this age of instant information that you DO NOT USE facts for secret questions or passwords!

I hope this helps, please review, rate and share with your co-workers. I can provide consulting and training to staff as needed. Please be sure to visit my website for more information related to business costs and technology related issues. http://www.dontpanic.biz

 

 
