Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Risk Awareness Enables Improved Prevention of Internet Based Attacks

InfoSecurity Europe : 18 February, 2010  (Technical Article)
Alexandra Tsybulskaya of Elcomsoft discusses the IT Security pitfalls that are easy to stumble into if some measure of avoidance isn't taken
See our events guide listing for more details

Last week, a company that rents an office floor next to ours fell prey to a malicious attack. The employees of the company use instant messengers to communicate with their existing and potential customers. Although it is a common knowledge that the improper use of instant messengers can pose a great risk to an enterprise, people still click on the links they receive. The addresser of such messages and links is often an attacker. In the case with our neighbouring company there was no happy ending: each employee who clicked on the link leading to a scammer's website lost her ICQ ID. As the sales department relied greatly on this type of communication with customers, the loss of the company is to be estimated.

In the age of information technologies, each employee - not only IT department staff - should be familiar with how to keep their valuable data safe and secure. To fulfill this task in a proper way one should try to halt hidden security threats, with those lying on the surface, in order to avoid grave consequences and damage for the whole company. Employees' information security literacy is a job of both IT guys and HR professionals. That is the reason we listed the most wide-spread hidden security threats for you to be aware of.

Lost Laptops, Exposed Data

The mobility of employees is constantly increasing in the modern world, and the rapid growth of the supply of mobile gadgets is rooted in the huge demand for such devices not only for personal use, but for working purposes. However, if your laptop or smartphone, you are accessing your work e-mail inbox or office PC from, falls into the wrong hands, unauthorized users may easily obtain the sensitive data that you've stored there.

One of the ways out is encrypting your data. You can use an encryption program, such as TrueCrypt (available for free under open-source licensing), to protect your data from unauthorized access.

Another possibility is to use a recovery service. If your equipment gets lost or stolen, and you can't get it back, you'll at least want to erase the data it holds. Some vendors, such as HP and Dell, offer services that try to do both for selected laptop models.

Weak Passwords

Use stronger passwords: Longer passwords are better; more characters take longer to crack. Keep in mind that the character diversity makes your password significantly harder to guess or crack. The situation will be definitely improved just if one sticks to a simple and widely accepted rule that a password must consist of uppercase and lowercase letters, numbers, preferably, special characters and be at least 9 characters long.

Rogue Wi-Fi Hotspots

Free Wi-Fi networks are available almost everywhere your employees go. Attackers, however, sometimes set up a malicious open Wi-Fi network to lure unsuspecting users into connecting. Once you have connected to a rogue wireless network, the attacker can capture your PC's traffic and gather any sensitive information you send. Verifying the network's name may help in this case.

Weak Wi-Fi Security

If you're cautious, you've already secured your wireless network with a password to keep outsiders from accessing it or using your Internet connection. But password protection alone may not be sufficient.

It's highly advisable as well to use stronger encryption. Several types of Wi-Fi network encryption are available. WEP (Wired Equivalent Privacy) encryption is the most common variety employed on wireless networks, but it can be easily cracked. The newer encryption types such as WPA (Wi-Fi Protected Access) or its successor, WPA2 resolve the weaknesses of WEP and provide much stronger protection.

Web Snooping

Now that so much entertainment, shopping, and socializing have shifted online, every Internet user leaves a rich digital trail of preferences. The best way out in this case is to use private browsing, which ensures that the site history, form data, searches, passwords, and other details of the current Internet session don't remain in your browser's cache or password manager once you shut the browser down.

Unpatched Software

Microsoft's products have long been favorite targets for malware, but the company has stepped up its game, forcing attackers to seek other weak links in the security chain. One of the most trivial preventive measures in this case is to have all security updates installed, thus keeping your operating system and applications up-to-date.

Each self-respecting company or enterprise should cooperate with IT security departments, for only mutual cooperation can bring evident results.

Elcomsoft is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo