Your Employees Must Be As Knowledgeable in Hacking Matters
As recently as November 2008, it was reported that a prison inmate gained access to employee online files containing personal information, using a computer that was not intended to have access to the internet. The programmers thought access to the internet had been prevented. But “not intended to” doesn’t mean much on integrated computer systems, because hackers can find ways around the portals that are guarded. It’s like securing the front and back doors of a building while leaving the side windows unlocked.
Understanding the Problem
In the case of the prison inmate, he accessed employee files using a thin client on the prison server. Though the server was not programmed to allow internet access, the inmate cleverly reached the internet by using stolen username and password information from employee files and by uncovering a portal in the software used by inmates for legal research.
If an inmate can hack into a prison system with sophisticated security systems meant to guard the public, it is clear there must be multiple levels of security that notify those monitoring the system when a break-in attempt is happening. The goal is to catch and stop the breach before any information is accessed. In other words, a well-designed security system will have two features:
* Security systems preventing penetration
* Trained employees with the knowledge to recognise the signs of a hacking attempt and possible entry points for hacking
You can hire an internet security service to assess your security and design a penetration-preventing application, but the employees using the system day in and day out need to be knowledgeable in the ways system attackers operate and how they locate and abuse vulnerable systems.
It Takes One to Know One
Basically, you teach your employees how to be hackers so they can prevent hacking. Courses intended to teach employees about internet security systems focus on how hackers exploit systems and how to recognise attempts. Employees also learn how countermeasures work and return to the workplace ready to implement organisation-specific measures to protect computer systems.
If the prison had established security levels which provided notification that someone was trying to access employee files through a software program and then prevented that access, there would have been no breach. It is important to make sure your employees are knowledgeable so they can identify possible vulnerabilities, recognise hacking attempts, use exploit tools, and develop countermeasures.
Many times hackers make it all the way to sensitive information because employees don’t recognise hacking activity. There is an old expression that says, “It takes one to know one.” In the world of hacking, it takes an employee highly trained in hacking to know a hacker. But the payoff for this kind of training is immeasurable as company assets are protected.
By: Rob McAdam
About the Author:
Pure Hacking helps protect your Internet security by providing world-class penetration testing and ethical hacking risk management services. For a free consultation, please visit Penetration Testing.
About this entry
You’re currently reading “Your Employees Must Be As Knowledgeable in Hacking Matters,” an entry on TekBoss
- Published: 08.18.09 / 2pm
- Category: Data Recovery