It's weirdly painful yet helpful when successful hackers step out from the shadows and tell us how stupid we are and how they so easily shred our security. The latest episode of this long-running show occurred last week when MafiaBoy, or Michael Calce in meatspace, reminded us once again that social engineering remains the hacker's sharpest tool. ComputerWorld called it “MafiaBoy Spills the Beans.”
Small businesses don't have the money to load up on expensive intrusion detection systems, but they can teach their employees to be a little more suspicious. You don't have to turn them into pit bulls, but you can request they become more protective.
Hackers call on the phone and pretend to be improving security by asking for your password to “verify” things. Don't ever tell anyone your password over the phone or via e-mail. If you're large enough to have an IT staff, train the techs to never take the lazy road and call, rather than visit, employees about security issues. Remote office employees must call the IT people themselves for any security updates, not respond to phone calls. Send them an e-mail or a text asking them to call the approved company phone number for IT support. Little details like that mean a huge security improvement.
Beware outside techs in uniforms as well. Hackers routinely dress as phone company employees by getting a shirt and hat, then waltz into businesses left and right. If you didn't call for service and a phone company employee appears, call the company and get confirmation. Don't believe the documentation he carries, because hackers fake those papers. Don't call the number the suspicious person suggests you call to check on them, because that call will be answered by another hacker.
Do you want to be safer? Allow your employees to be a little more rude to people asking questions and trying to get inside your business. Sometimes, outside service people are setting you up for an inside computer hack.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.














Surfing the internet is fun and exciting.
Surfing the internet is fun and exciting but if don’t have a good scan to rid your computer of the bugs it picks up then you will run into some problems. My search for a good scanner led me to the antispyware solution from Search-and-destroy. This is one of the best scans that I’ve ever used and it’s available at http://www.Search-and-destroy.com. I believe that you will like Search-and-destroy Antispyware as much as I do if you give it a try. It works great and cost less than many of the other options you will find when it comes to antispyware scanners.