Human Security Weaker Than IT Security
Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement.
Despite the amount of criminal hacking that goes on, users who effectively implement the appropriate measures and refrain from risky behaviors enjoy relative security.
The Wall Street Journal reported on a study by Dartmouth’s Tuck School of Business, quoting professor Eric Johnson:
“Criminal hackers are increasingly turning to digital versions of old-fashioned con games, literally gaining the confidence of employees through innocuous-seeming phone calls purporting to be from fellow workers, or even through regular mail, in order to entice them into downloading malicious code or revealing a password. The threat of data leakage is thus highest where a human is put in a position to decide whether to click on a link or divulge important information. The [phishing] techniques have become more hybrid.”
If you are reading this, chances are you do a pretty good job with information security to prevent identity theft, at least on the consumer level. But you also need to start thinking about avoiding Jedi mind tricks. Within the security world, these cons are known as “social engineering.”
Whether you receive a phone call, an email, or a visitor at your home or office, always question those who present themselves in positions of authority.
You should never automatically place your trust in a stranger.
Within your own home or business, set clear guidelines regarding what information should or should not be shared.
Keep in mind that when you lock a door it can be unlocked, either with a key, or with words that convince you to unlock it yourself. Always view every interaction, whether virtual or face-to-face, with a cynical eye for a potential agenda.
In the end, if a bad guy has pulled the wool over your eyes, they often will want to infect your Mac or PC. Keep your computers operating systems critical security patches up to date and install a total protection product.
Robert Siciliano is an Online Security and Safety Evangelist to McAfee and Identity Theft Expert. (Disclosures)