Workplace Security: Are You the Weakest Link?

Categories: Fraud Intelligence

As an employee at some company somewhere, you are probably putting your organization at risk every day – and you don’t even know it.  Do you re-use the same password to log in to multiple accounts?  Are you visiting social networking sites and planning your upcoming summer vacation while at work?  Have you ever logged in to check your work email from unsecured wireless hotspots?  These are just some of the activities employees around the world do every day that seem relatively harmless, but could be putting their company at risk.  But how?

Let’s take a look at planning your upcoming summer vacation.  You want to find the best travel deals so you open your favorite search engine, start browsing and get a list of results.  How do you know you are clicking on a legitimate link?  Cybercriminals are increasingly using an attack method called SEO poisoning which is a technique they use to get links to their malicious sites to appear higher in search results than legitimate sites.  They often take advantage of popular events, celebrities, or common activities that consumers engage in online such as holiday shopping and summer vacation planning to poison search engines with malicious links.

Or consider social networking sites.  If your company allows access to Facebook, Twitter and LinkedIn, more than likely you are signing in regularly to catch up on the latest happenings within your social circles.  Previous research has shown that 40 percent of Facebook status updates have links, and 10 percent of those links are either spam or malicious.

So what does this mean to workplace security you may be asking?  Well, suppose you click on a poisoned link while doing research on the Internet or browsing Facebook, and you inadvertently download a computer Trojan onto your work laptop.  Depending on what functionality that Trojan is equipped with, some cybercriminal in some remote part of the world could be logging everything you do such as collecting all of your login credentials, stealing documents off your computer that hold sensitive information, and intercepting business-related emails.

This is not science fiction anymore.  Rather, it is the reality of the world we live in today which is why RSA and EMC have developed the Workplace Security Risk Calculator to help employees better understand how seemingly innocent activities could translate to potential data exposure.  This fun, interactive tool asks a series of questions to determine your personal risk score and offers helpful hints to encourage employees to be mindful of the potential dangers associated with simple behaviors they engage in.

If you think you are not important to your company’s security, you are mistaken.  Employees are on the front lines of security at every organization – small or large.  The first step in prevention is educating employees to be aware of the potential workplace security risks, know how to spot suspicious emails or links, and encourage them to report these to the IT department.  As the old adage states, “An ounce of prevention is worth a pound of cure.”  I just need to apply that rule to the world of online dating.

Heidi Bleau
Author:

As a blogger, Heidi writes about cybercrime and fraud perpetrated against enterprises and consumers. As a Mom and consumer, Heidi also writes about how cybercrime affects us in our day-to-day lives. In her day job, she is a Senior Marketing Programs Manager focused on creating programs to drive awareness of RSA’s anti-fraud technologies in the marketplace. She brings over five years of experience working within RSA’s Identity and Data Protection group and has worked with many of RSA’s top researchers on projects involving the latest fraud and cybercrime threats. Prior to RSA, Heidi was a marketing and research manager at EKMS, an intellectual property management consulting firm. Heidi holds a B.A. and an M.B.A. from the University of Massachusetts. Heidi admits to a mild but manageable addiction to Dunkin' Donuts Iced Coffee.