Tuesday, September 24, 2013

Thoughts on Employers not trusting employees / Information Risks and Risk Management

One of the biggest information risks a company can have is its own employees. It's a difficult risk to deal with, however. Companies have to trust employees with information in order to accomplish just about any task. Employers generally have to have a mix of trust and a lack thereof in order to survive. Have too much of one or the other, though, and you end up with either theft or unhappy employees.

As the article states, employee theft is not uncommon. Companies that aren't cautious about it can lose a lot of money, and some can go out of business, all because of a single employee taking advantage of trust. "On average, it takes about 18 months for an employer to catch an employee who is stealing." With that said, it's very important for companies to assess the risks of trust at the very start of a company's beginnings.

Personally I think employers need to give their employees a good amount of trust. At the same time, employers should set up measures to keep an eye on employees.

Employers should utilize basic accounting controls. If a company has accounting measures in place, the company can better determine if there are shortcomings or losses of any kind in terms of employee theft.

Employers should also certainly have a greater degree of mistrust. If you let your guard down, you won't even see theft coming. If you are always on the lookout for suspicious activities, you will catch a thief before it's too late.

Trust is a very iffy subject for employers. It's important to let your employees know you trust them with information, but it's also important to never let your guard down.


Blog by Hans Harvey

Blog Post 5

Sources-
Author: Patricia Schaefer
Title: Employee Theft: Identify and Prevent Fraud, Embezzlement, Pilfering, and Abuse
Address: http://www.businessknowhow.com/manage/employee-theft.htm

Tuesday, September 17, 2013

Thoughts on phishing scandals / Controlling Malware, Spyware, Phishing, and Spam

The Facebook phishing scandal is a setup where unknown individuals send Facebook users a relatively legitimate-looking email from Facebook. The email is actually a scam, though: an attempt to get a user to respond to the email and unknowingly give their email address and password to the scammer. The email looks friendly enough, but the intentions behind the email are most certainly not friendly, and I would warn anyone who receives a suspicious email to not respond or click any links.

I personally have seen the emails from these scammers several times in my own email account. I glanced at it the first time I saw it, and immediately doubted the legitimacy of the email. The email was sent by a friend of mine on Facebook that I had never actually talked to. That in itself was sketchy, but the entire email looked off as well.

In order to effectively protect yourself from the dangers of phishing, it is important to keep a cautious eye on all emails that you receive. Consider this: almost no admin or official of any organization or website is going to ask you for passwords or security questions. If you get an email that does look relatively legit, but it does ask for some kind of private information, a quick Google search about it could settle whether said email is in fact legitimate or not. Another option would be to look it up on the site, or contact a support admin or official of that site about it. Never click any links in emails without giving the link a quick examination. The email that the Facebook scammers were sending out looked like it was coming from facebook.com, but it was actually coming from Fbaction.net.

Phishing is a scam that is becoming more and more common through emails, and it is important for everyone to know the dangers that could be lurking in their inboxes.

Blog by Hans Harvey

Blog Post 3

Sources-
Author: Paul Boutin
Title: Facebook Phishing Attack in Progress: Beware Fbaction.net
Address: http://gadgetwise.blogs.nytimes.com/2009/04/29/facebook-phishing-attack-in-progress/?_r=0

Tuesday, September 10, 2013

Thoughts on Information Security's Real Threat: Oversharing / Security Information Management

Managing security information is vital to the success of any business, especially one that is looking to reach out to its community through social media. Personally, I do agree with the author of the story that public missteps and oversharing can be costly mistakes, and should be done cautiously.

Though there are risks with posting information on social media sites, it can certainly be beneficial for a company, so long as no vital security information is given out, or sensitive data is revealed.

New companies should assess risks such as leaks of information before any kind of involvement with social media ever occurs. Companies should know who is responsible for information. The questions companies should ask to find out who is responsible for information are as follows: who owns it, who stores it, who accesses it, and who manages it? Whoever does any of these is responsible for that information. If any secret information is then leaked, there should only be a handful of people who can be held responsible for the leak.

If an employee posts something that can damage the company's name, all the company can really do for damage control is to try to bury that incident and make its customers and community think of all the other things the company does well.

In conclusion, sharing information on social media sites is somewhat of a necessity in order to be successful in the business world, but companies should do so with caution. Oversharing and giving out information that shouldn't be shared is where the problems begin. Monitoring what information is given to the public, and which employees have access to information, is a priority that all businesses should take into consideration.

Blog by Hans Harvey

Blog Post 2

Sources-
Author: Brian Barnier
Title: Information Security's Real Threat: Oversharing
Address: http://www.informationweek.com/security/management/information-securitys-real-threat-oversh/240160548

Thursday, September 5, 2013

Thoughts on Edward Snowden / code of ethics

There isn't really a more blatant showing of a disregard towards a code of ethics than the example involving Edward Snowden. Snowden leaked classified details of U.S. Government surveillance programs to the world, and is now on the run from the U.S. I believe Snowden was wrong to leak classified documents to the world.

It's easy for all the people around the world to talk down about his actions, but how many of us, in his situation, would be able to adhere to a code of ethics? Personally, I would have tried to live up to the standards of a code of ethics, but not everyone would be able to do that.

It's hard to imagine giving up your life to reveal secret documents to the world. Snowden was living a solid life too, making six figures, living in Hawaii with his girlfriend, and he gave it all up. "I'm willing to sacrifice all of that because I can't in good conscience allow the U.S. government to destroy privacy, Internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building," said Snowden to the Guardian.

When Snowden signed up for the contracting business, one of the documents he would have signed would have involved a code of ethics, which would discourage him from doing exactly what he did: leaking Government documents to the world. In the SANS IT Code of Ethics, one line states, "I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer." Another line states, "I will not steal property, time or resources." Snowden violated both of these lines in leaking documents to the world, showing a lack of commitment to any code of ethics. In Snowden's position, I too might not have agreed with the documents, but I would have adhered to the code of ethics.

Blog by Hans Harvey

Blog Post 1

Sources-
Author: Barbara Starr and Holly Yan from CNN
Title: Man behind NSA leaks says he did it to safeguard privacy, liberty
Address: http://www.cnn.com/2013/06/10/politics/edward-snowden-profile