Lax security concern from employees can lead to ‘epic hack’
VAR_Staffing / VAR Staffing
For Mat Honan – a senior writer at Wired Magazine – technology should be second nature. Even for an expert, however, poor security choices can lead to an "epic hack." In one swoop, Honan's Twitter account was hijacked, as racist and homophobic tweets were posted, his Apple account was breached and data was wiped from his iPhone, iPad and Mac laptop, and his Gmail password was reset and his Google account was deleted. Essentially his entire digital life was erased.
IT Principals should imagine that scenario happening to an employee whose work-related devices were wiped and accounts were deleted – critical business information would be all gone in a moment. It's a nightmare scenario for any company, but with proper employee and IT department security protocol and resources, this issue could have been avoided.
Honan was vulnerable because he was somewhat careless and his attackers were professionals. According to a ComputerWorld article that profiled the hack and how it could have been avoided, the attack started with just Honan's email address. By using the same login name and password, saving credit card information on websites like Amazon, social engineering an Applecare employee and failing to back up his wiped data, Honan's digital life was jeopardized.
For any IT department, the fear this hack brings is all too real. A recent survey from CareerBuilder – which focused mainly on employee laptops – found that 26 percent of the 3,800 workers polled nationwide have office laptops and 61 percent have critical sensitive information on them. The alarming numbers, however, are that 57 percent of workers don't have a laptop security device and 27 percent have had a coworker give them their password.
For IT Principals, convincing employees to take security seriously can be a struggle. Partnering with VARs and MSPs that provider valuable resource for securing a company's information, can go a long way to adding peace of mind.