Security awareness seminar held at the Energus building, Lillyhall on 27th July 2010.
We will assist in planning of new corporate buildings to ensure nothing has been missed regarding physical security, access control and network design requirements. Once the building is complete, we will ensure that the staff are well trained to maintain the confidentiality, availability and integrity of the information within.
Get yourself a sense of security
Securing your IT - and reputatiion
Cumbrian firms urged to be better prepared for floods
News and Star
Keeping newsroom information safe
Submitted to UK Press Gazette
Cumbrians must prepare for wave of Cyber Crime
Lake District Messenger
Can your web site be trusted?
Lake District Messenger
Production Journal August 2010
A new breed of criminal has become firmly established in our society. Termed social engineers, they combine the frightening combination of confidence trickery and technological know-how.
When was the last time a member of your staff was asked for confidential information over the phone?
Knowing your company is a target is your first defence against the profiling tactics that these fraudsters use.
They research the background of a company - and its staff - using all the commonplace tools that we have around us: Google, newspaper articles, social networking sites and even scan job adverts to find the skills required to join the IT department (which often contain lists of hardware and operating systems the company uses).
Such snippets of information contribute to a larger picture culminating in an attack. You would be wrong to prepare only for a hi-tech "cyber" attack - after all, why would a hacker go to all the trouble of circumventing your expensive Intrusion Prevention System when they could just call a new recruit in the office pretending to be from the IT department?
Picture the havoc that could be caused if a social engineer, posing as an IT technician, was to gain the confidence of a new recruit. Usernames and passwords could be innocently divulged and a list of commands entered that silently download malicious software. The imposter could also learn more about the network behind the "safety" of the firewall.
No firewall, Intrusion Detection System or method of password encryption will stop a social engineer from accessing your systems - the best way to mitigate the risk of a security breach is to combine the technology with security awareness training backed up by policies and procedures.
Companies that carry out security penetration testing (pretending to be hackers) state that their attempts to break into clients' computer systems using social engineering tactics are almost always successful.
Over many years working in newsrooms, I've lost count of the number of usernames and passwords I've seen stuck to employees' monitors. More worrying is the number of IP addresses and network diagrams that can be found stuck to IT department pin boards. These could all be seen and used by visitors to the premises.
Good security awareness training should:
In a time of austerity with crime rates expected to rise, be on the alert to ensure your staff and company are prepared for the unexpected.