Great Lakes IT Report - Troy Firm to Begin Offering IT Security Training for All Workers

Troy Firm to Begin Offering IT Security Training for All Workers

Great Lakes IT Report
DETROIT, MI, Aug 9, 2007

The Troy-based IT security firm Creative Breakthroughs Inc. announced this week that it would begin offering employee security awareness training for businesses in light of a rise in the number of reports linking employee behavior to data security risks.

Recent reports announcing the results of an IRS internal data security audit illustrated a lack of security savvy among government employees who complied with requests to reveal personal password information to an unknown caller posing as a technical support person.

The caller successfully urged several IRS workers to reveal personal password information, or to change their password to one suggested by the caller. Of the 102 IRS employees contacted during the audit, 61 complied with the caller's requests and only eight contacted the inspector general's office or the IRS security office to validate the legitimacy of the call, according to a report issued by the Treasury Inspector General for Tax Administration, an office responsible for IRS oversight.

"We find time and again with this kind of network penetration testing that it's the people who fail to withstand potential threats to data security - not the technology," said Steve Barone, CBI's president and CEO. "The social engineering tactics used during this audit actually prey on people's willingness to provide help and assistance to others within their organization."

Social engineering describes tactics used by hackers that rely on interpersonal deception or trickery, is intended to manipulate users into divulging sensitive information that would allow unauthorized users access to network resources.

"Government agencies are not alone in their vulnerability to social engineering testing," Barone said. "Businesses and organizations in every sector are just as susceptible. In the IT industry, we're beginning to recognize the need to implement security solutions that extend beyond great technology. A security-savvy workforce is essential for businesses to have the ability to protect consumer and employee personal data as well as valued assets such as intellectual property."

The security awareness class will be a one-day seminar designed to update employees with the latest threats to information security, and arm them with the best practices to avoid social engineering tactics commonly used by hackers to commit fraud, as well as how best to prevent network data leakage and malicious code infections, according to Barone.

Businesses and individuals interested in security awareness training with Creative Breakthroughs may register online to receive curriculum and scheduling information as it becomes available at www.creativebreakthroughs.com, or call (800) 747-8585 to learn more.

Creative Breakthroughs, established in 1990 by Barone, provides IT services through partnerships with more than 440 satisfied business customers. The company provides computer system integration, network security and support, as well as consulting and staffing to clients that range from the smallest businesses to those listed on the Fortune 500. The company has relationships with Symantec, Microsoft, Juniper, Citrix, Cyberoam, NetApp and Imprivata, among others.

CBI also offered a top 10 list of ways employee behavior can impact network security.

1. Password Management - how to create a secure password and keep it private. Some passwords are better than others. Employees should never share their password with anyone - not even someone in a technical support role.
2. Desktop Security - unattended workstations can potentially expose sensitive data to onlookers.
3. Browser Security - not all Web sites and links should be regarded as safe. Clicking on an object or a link within an unsecured site may upload malicious programming onto the network.
4. E-Mail Security - in addition to harmful viruses, and other malicious code that can be transmitted via e-mail, scammers use e-mailed links to facilitate phishing and other means of fraud.
5. Telephone Security - many workers give up valuable information over the telephone with the best intentions, however the ramifications of telephone fraud can be disastrous. Employees should know proper procedures for handling requests that could give unknown caller with data that should stay private.
6. Mobile Security - employees with laptops and Personal Digital Assistants should be aware of security methods that ensure data on mobile devices cannot be accessed even when lost or stolen.
7. Device Security - devices like flash drives, memory sticks, and even MP3 players can transmit harmful programs like viruses, spyware or malware to the network.
8. Instant Messaging Security - risks associated with IM include exposure to rogue programs like worms that can infect networks, and IM communication has been admitted as evidence in several documented legal proceedings.
9. Remote Access Security - employees should understand why computers used for remote network access should not be shared with other users, or used to store personal files or other non-network software that can contain malicious programming.
10. Physical Security - protecting a business means more than just securing the building and the people within. Physical security needs to ensure the safety of the business and those on the premises, as well as the valuable information housed on network resources.