Staff are the biggest threat to network security
Your own employees could be the biggest risk to your network security. Corey Steele, a network security specialist in Illinois, has outlined how he tests company security and has found that it is much easier to break through using an employee of the company, and not attack the system directly.
Most employees are wise to the fact that they should not open an attachment from an unknown source, but Steele has exploited their trusting nature by simply phoning up an employee pretending to be an outside IT contractor working with the company. Having convinced the duped staff member to open a remote login help session with him, he then spends a good deal of time going through technical information before offering them the chance to take a break. While they are gone, he has the chance to install malware on the system and gain access to sensitive information that hackers could use to their advantage.
Another method that still works remarkably well is pretending to be a phone company employee, visiting the premises in person and asking to check the lines in the basement. Most let him in without any form of challenge and once inside the building he can create a wireless access point, join the network and then carry out a hacking attack from the comfort of his car outside.
Of course there are a vast array of tools at hackers’ disposal in the modern age and many prefer to carry out direct attacks on the system. For some there is a badge of honour involved in cracking the defences of a big bank, major corporation or even a government agency.
Steele offers a stark reminder, though, that staff education and vigilance are critical factors when it comes to network security, and that every staff member who can get access to important information, or even just the network, need to be educated about the methods hackers can use to beat the system. It does not matter how good your IT defences are, you are only as strong as your weakest link. For a lot of companies, that link might be the people that you employ.