Your Employees Must Be As Knowledgeable in Hacking Matters

Hacking is one of those terms dropped in conversations to prove management is on top of the issues related to computer security. Computer security breaches are reported every day and occur in even the most tightly controlled environments, simply because people are not thoroughly trained in how to identify them or because mission-critical systems have points where security is missing. Operations where you would think all precautions have been taken find themselves embarrassed when someone steals important information for the purpose of committing a crime.

As recently as November 2008, it was reported that a prison inmate gained access to employee online files containing personal information, using a computer that was not intended to have access to the internet. The programmers thought access to the internet had been prevented. But “not intended to” doesn’t mean much when using integrated computer systems, because hackers can find ways to get around portals that are guarded. It’s like securing the front and back doors of a building while leaving the side windows unlocked.

Understanding the Problem

In the case of the prison inmate, he accessed employee files using a thin client on the prison server. Though the server was not programmed to allow internet access, the inmate cleverly entered the internet by using stolen username and password information from employee files and by uncovering a portal in the software used by inmates for legal research.

If an inmate can hack into a prison system with sophisticated security systems meant to guard the public, it is clear there must be multiple levels of security which notify those monitoring the system that a break-in attempt is happening. The goal is to catch and stop the breach before any information is accessed. In other words, a well-designed security system will have two features:

* Security systems preventing penetration

* Trained employees with the knowledge to recognise the signs of a hacking attempt and possible entry points for hacking

You can hire an internet security service to assess your security and design a penetration-preventing application, but the employees using the system day in and day out need to be knowledgeable in the ways system attackers operate and how they locate and abuse vulnerable systems.

It Takes One to Know One

Basically, you teach your employees how to be hackers so they can prevent hacking. Courses which are intended to teach employees about internet security systems focus on how hackers exploit systems and how to recognise attempts. Employees also learn how countermeasures work and return to the workplace ready to implement organisation-specific measures to protect computer systems.

If the prison had established security levels which provided notification that someone was trying to access employee files through a software program and then prevented that access, there would have been no breach. It is important to make sure your employees are knowledgeable so they can identify possible vulnerabilities, recognise hacking attempts, know how to use exploit tools, and develop countermeasures.

Many times hackers make it all the way to sensitive information because employees don’t recognise hacking activity. There is an old expression that says, “It takes one to know one.” In the world of hacking, it takes an employee highly trained in hacking to know a hacker. But the payoff for this kind of training is immeasurable as company assets are protected.

By: Rob McAdam

About the Author:

Pure Hacking helps protect your Internet security by providing world-class penetration testing and ethical hacking risk management services. For a free consultation, please visit Penetration Testing.
