24 October 2006
Common Dangerous Activities
DarkReading has released an article describing ten of the most dangerous things that people do online. They begin by stating that no matter how much training users receive, they still do things that compromise their computer's security, such as leaving passwords stuck to their monitor or downloading software for personal use.
The number one risky activity is opening email attachments from unknown people. Even with all the publicity about this, users are still doing it. Email attachments are the most likely way of getting viruses or other malicious programs. If you look at any site that lists current security attacks, many of the attacks will be conducted via email, even if only through a link to a website in the email. While a recent survey found that 93% of UK office workers knew that such links and attachments could contain viruses, 86% claimed to actually have opened them without knowing about the safety involved and 76% do it regularly. How can such activities be combated when users know the risk but do it anyway? People might as well be playing Russian Roulette with their computers.
Second, of course, come the users who install personal software. IM software is a double-edged sword in this sense: it is very useful for companies to keep in touch, while at the same time it poses a security risk when connected to the outside world. Peer-to-peer file sharing programs are far more risky, allowing viruses to easily enter the system or confidential corporate information to worm its way out of the system. With file sharing applications there is also the possibility of pirated software or music entering and being stored on a company system. With the current push to stop pirated items, it could be a legal risk to a company as well.
Third is the disabling or rescheduling of security features. Users turn off firewalls to increase their Internet speed or to allow certain files to be sent and received. Many users also tend to reschedule or put off changing their passwords or installing security patches, claiming that it keeps them from doing their work and is too much of a hassle.
Similarly, there are the people who routinely log onto their computers with administrator accounts for very much the same reason. In this case it's usually the private individuals who have their own companies who claim that they need to log on as admin to run and install applications. When you tell them of the huge security risk involved in doing that, they just state that they cannot run the applications any other way. Of course, showing these people how to set the permissions so that they can does nothing, because it took a minute to set up.
The article goes on to cover other activities such as viewing emails from unknown users, browsing the Internet for gambling, porn and other such sites, giving out passwords, and many more.
The problem is how to convince users not to do these things. Many of them know of the dangers; they just do the actions anyway.