It's weirdly painful yet helpful when successful hackers step out from the shadows and tell us how stupid we are and how they so easily shred our security. The latest episode of this long-running show occurred last week when MafiaBoy, or Michael Calce in meatspace, reminded us once again that social engineering remains the hacker's sharpest tool. ComputerWorld called it “MafiaBoy Spills the Beans.”
Small businesses don't have the money to load up on expensive intrusion detection systems, but they can teach their employees to be a little more suspicious. You don't have to turn them into pit bulls, but you can request they become more protective.
Hackers call on the phone and pretend to be improving security by asking for your password to “verify” things. Don't ever tell anyone your password over the phone or via e-mail. If you're large enough to have an IT staff, train the techs to never take the lazy road and call, rather than visit, employees about security issues. Remote office employees must call the IT people themselves for any security updates, not respond to phone calls. Send them an e-mail or a text asking them to call the approved company phone number for IT support. Little details like that mean a huge security improvement.
Beware outside techs in uniforms as well. Hackers routinely dress as phone company employees by getting a shirt and hat, then waltz into businesses left and right. If you didn't call for service and a phone company employee appears, call the company and get confirmation. Don't believe the documentation he carries, because hackers fake those papers. Don't call the number the suspicious person suggests you call to check on them, because that call will be answered by another hacker.
Do you want to be safer? Allow your employees to be a little more rude to people asking questions and trying to get inside your business. Sometimes, outside service people are setting you up for an inside computer hack.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Surfing the internet is fun and exciting.
Surfing the internet is fun and exciting but if don’t have a good scan to rid your computer of the bugs it picks up then you will run into some problems. My search for a good scanner led me to the antispyware solution from Search-and-destroy. This is one of the best scans that I’ve ever used and it’s available at http://www.Search-and-destroy.com. I believe that you will like Search-and-destroy Antispyware as much as I do if you give it a try. It works great and cost less than many of the other options you will find when it comes to antispyware scanners.