During one of our training courses, we discuss security issues that SMEs may face, including permitting members of staff access to or control of security passwords. This can obviously cause problems should that employee be ill, leave, or worse still, bear a grudge against the company for whatever reason. It is not just access to passwords that can be a problem, though. Access to other information that may seem almost trivial can actually compromise your security.
It is not just small companies that need to consider seriously what secure information their employees have access to. A recent hackers' conference set a challenge to phone major corporations and extract potentially sensitive information which could be used to attack the corporate network. The technique used, social engineering, is well known to scammers and hustlers, on and offline, as well as crackers.
As can be seen from the experiment above, knowing browsers, operating systems, make of laptop and so on used within a company can all provide information of use to someone with malicious motives. Known vulnerabilities within both hardware and software can permit access into your corporate network, which can then lead to information you had thought was securely locked behind a firewall or similar.
This type of attack should be of particular concern to e-commerce companies who may hold confidential information about their customers on their network or within their backend systems.
Firstly, however friendly the caller may appear, advise your staff never to give out details of your systems unless disclosure has been authorised and approved and there is proof that the caller is who they claim to be. Secondly, ensure that any known vulnerabilities have been addressed on your systems. The end result of failing to address security issues and to understand your responsibilities under the Data Protection Act could well be far more than a little reputation management or damage limitation. Trust from your customers is vital in this day and age; breaking that trust could be the end of the line for your business.