 |
|
|
|
 |
Become a fan
[PG] Parental Guidance Suggested
10 Most Dangerous Things Users Do Online
If your end users knew what damage they could cause when they...well, just send them this article
By The Staff of Dark Reading
Courtesy of Dark Reading
End users - god bless 'em. You can't live with 'em - but without them, you wouldn't have a job. They're the reason you have an IT infrastructure; they're also the single greatest threat to the security of that infrastructure.
Because, in the end, most users have no idea how dangerous their online behavior is.
No matter how many times they train them, no matter how many classes they hold, most IT professionals still watch helplessly as end users introduce new malware because they "just couldn't resist looking at the attachment." Security pros cringe as their users download software for personal use, turn off firewalls to speed up a connection, or leave their passwords stuck to their laptops.
Wouldn't it be nice if you could give end users a list of the most dangerous things they do online every day, and then tell them why those activities are particularly risky?
We thought so, too. The following is our list of "The Ten Most Dangerous Things Users Do Online," along with some explanation of the risks - and solutions - associated with each. This list was generated directly from input we've received from IT people like you, and is arranged in descending order of danger, based on votes received from the experts and analysts who make up Dark Reading's editorial advisory board.
Stick this up on the door to your office. Better yet, stick it up on the company bulletin board - or post it directly to each of your users. If it keeps one user from making a big mistake, then we'll have done our job - and so will you.
1. Clicking on email attachments from unknown senders
We know, we know. Haven't we beaten this one to death already? With all the computer training courses, news reports, magazine articles, and memos from the IT department, are there any users left out there who don't know they aren't supposed to open email attachments from strangers?
Apparently, there are. IT managers, consultants, and other experts maintain that of all the dangerous things corporate end users do, opening email attachments is still the most potentially damaging. Even with today's new range of exploits, email attachments are still the most likely means of contracting viruses, worms, Trojan horses, and other infections. And because these attachments usually contain applications or executable files, they have the greatest potential to instigate the complete takeover - or destruction - of an enterprise PC.
But shouldn't end users know this by now? An August survey by security software vendor Finjan offers an interesting perspective. In a straw poll of 142 U.K. office workers, Finjan found that 93 percent of respondents knew that attachments and links found in email messages could contain spyware or other forms of malicious code embedded in them.
The problem isn't that users don't know the risks - it's that they can't help themselves, Finjan said. In the survey, 86 percent of the workers admitted they open attachments and click on links without being sure if it's safe to do so. And despite frequent warnings, 76 percent of those surveyed said they routinely open what they assume to be viral marketing files, such as funny videos, jokes, or Websites.
"It's still the most dangerous thing end users do," says Richard Stiennon, founder of IT-Harvest, an IT consulting firm.
2. Installing unauthorized applications
What do you mean, "no IM?"
If you're like many organizations today, prohibiting instant messaging is out of the question. IM is rapidly becoming a standard corporate communication tool, even as the number of IM exploits rises. Like any other peer-to-peer application, instant messaging comes with some serious risks, but once your users are hooked on IM, they are hooked.
"IM is too useful to completely restrict. If you try to lock it down, but don't provide any outlet for employees to stay in touch with the outside world, users will find a way around your security policy," says Thomas Ptacek, a researcher with Matasano Security. "It's 2006. Your users are going to use IM."
IM isn't the only peer-to-peer app your users may be installing on their desktops. There's Kazaa and other free file-sharing utilities that let users share documents, software, and music. But this freedom has its cost. "These applications can increasingly be the source of new viruses," says Rob Enderle, principal analyst with the Enderle Group, an IT consultancy.
If your end users knew what damage they could cause when they...well, just send them this article
By The Staff of Dark Reading
Courtesy of Dark Reading
End users - god bless 'em. You can't live with 'em - but without them, you wouldn't have a job. They're the reason you have an IT infrastructure; they're also the single greatest threat to the security of that infrastructure.
Because, in the end, most users have no idea how dangerous their online behavior is.
No matter how many times they train them, no matter how many classes they hold, most IT professionals still watch helplessly as end users introduce new malware because they "just couldn't resist looking at the attachment." Security pros cringe as their users download software for personal use, turn off firewalls to speed up a connection, or leave their passwords stuck to their laptops.
Wouldn't it be nice if you could give end users a list of the most dangerous things they do online every day, and then tell them why those activities are particularly risky?
We thought so, too. The following is our list of "The Ten Most Dangerous Things Users Do Online," along with some explanation of the risks - and solutions - associated with each. This list was generated directly from input we've received from IT people like you, and is arranged in descending order of danger, based on votes received from the experts and analysts who make up Dark Reading's editorial advisory board.
Stick this up on the door to your office. Better yet, stick it up on the company bulletin board - or post it directly to each of your users. If it keeps one user from making a big mistake, then we'll have done our job - and so will you.
1. Clicking on email attachments from unknown senders
We know, we know. Haven't we beaten this one to death already? With all the computer training courses, news reports, magazine articles, and memos from the IT department, are there any users left out there who don't know they aren't supposed to open email attachments from strangers?
Apparently, there are. IT managers, consultants, and other experts maintain that of all the dangerous things corporate end users do, opening email attachments is still the most potentially damaging. Even with today's new range of exploits, email attachments are still the most likely means of contracting viruses, worms, Trojan horses, and other infections. And because these attachments usually contain applications or executable files, they have the greatest potential to instigate the complete takeover - or destruction - of an enterprise PC.
But shouldn't end users know this by now? An August survey by security software vendor Finjan offers an interesting perspective. In a straw poll of 142 U.K. office workers, Finjan found that 93 percent of respondents knew that attachments and links found in email messages could contain spyware or other forms of malicious code embedded in them.
The problem isn't that users don't know the risks - it's that they can't help themselves, Finjan said. In the survey, 86 percent of the workers admitted they open attachments and click on links without being sure if it's safe to do so. And despite frequent warnings, 76 percent of those surveyed said they routinely open what they assume to be viral marketing files, such as funny videos, jokes, or Websites.
"It's still the most dangerous thing end users do," says Richard Stiennon, founder of IT-Harvest, an IT consulting firm.
2. Installing unauthorized applications
What do you mean, "no IM?"
If you're like many organizations today, prohibiting instant messaging is out of the question. IM is rapidly becoming a standard corporate communication tool, even as the number of IM exploits rises. Like any other peer-to-peer application, instant messaging comes with some serious risks, but once your users are hooked on IM, they are hooked.
"IM is too useful to completely restrict. If you try to lock it down, but don't provide any outlet for employees to stay in touch with the outside world, users will find a way around your security policy," says Thomas Ptacek, a researcher with Matasano Security. "It's 2006. Your users are going to use IM."
IM isn't the only peer-to-peer app your users may be installing on their desktops. There's Kazaa and other free file-sharing utilities that let users share documents, software, and music. But this freedom has its cost. "These applications can increasingly be the source of new viruses," says Rob Enderle, principal analyst with the Enderle Group, an IT consultancy.
[PG] Parental Guidance Suggested
Comments & Reviews ^topBe the first to comment on this! |
|
© WP Technology Inc. 2010
User-posted content is subject to its own terms.
User-posted content is subject to its own terms.
