Workplace Security: Are You the Weakest Link?

As an employee at some company somewhere, you are probably putting your organization at risk every day – and you don’t even know it.  Do you re-use the same password to log in to multiple accounts?  Are you visiting social networking sites and planning your upcoming summer vacation while at work?  Have you ever logged in to check your work email from unsecured wireless hotspots?  These are just some of the activities employees around the world do every day that seem relatively harmless, but could be putting their company at risk.  But how?

Let’s take a look at planning your upcoming summer vacation.  You want to find the best travel deals, so you open your favorite search engine, start browsing and get a list of results.  How do you know you are clicking on a legitimate link?  Cybercriminals are increasingly using an attack method called SEO poisoning, a technique for getting links to their malicious sites to appear higher in search results than legitimate sites.  They often take advantage of popular events, celebrities, or common activities that consumers engage in online, such as holiday shopping and summer vacation planning, to poison search engines with malicious links.

Or consider social networking sites.  If your company allows access to Facebook, Twitter and LinkedIn, more than likely you are signing in regularly to catch up on the latest happenings within your social circles.  Previous research has shown that 40 percent of Facebook status updates have links, and 10 percent of those links are either spam or malicious.

So what does this mean for workplace security, you may be asking?  Well, suppose you click on a poisoned link while doing research on the Internet or browsing Facebook, and you inadvertently download a computer Trojan onto your work laptop.  Depending on what functionality that Trojan is equipped with, a cybercriminal in some remote part of the world could be logging everything you do, including collecting all of your login credentials, stealing documents off your computer that hold sensitive information, and intercepting business-related emails.

This is not science fiction anymore.  Rather, it is the reality of the world we live in today, which is why RSA and EMC have developed the Workplace Security Risk Calculator to help employees better understand how seemingly innocent activities could translate to potential data exposure.  This fun, interactive tool asks a series of questions to determine your personal risk score and offers helpful hints to encourage employees to be mindful of the potential dangers associated with simple behaviors they engage in.

If you think you are not important to your company’s security, you are mistaken.  Employees are on the front lines of security at every organization – small or large.  The first step in prevention is educating employees to be aware of the potential workplace security risks and to know how to spot suspicious emails or links, and encouraging them to report these to the IT department.  As the old adage states, “An ounce of prevention is worth a pound of cure.”  I just need to apply that rule to the world of online dating.

