Consult Your Professional Security Firm for Training Ideas
An employee’s laptop computer is stolen from their unlocked car… and the personal information of thousands of your company’s customers is suddenly at risk.
A person dressed as a utility repairman talks a new employee into helping him gain access to a sensitive area of the building… suddenly, every asset in that area (from information to people) is at risk from a nefarious actor.
A person the new security guard doesn’t recognize claims to have forgotten her key to the IT department… later, an electronic “sniffer” device is discovered in that area, and suddenly the firm’s entire database is at risk.
And it could’ve been a much worse device, discovered only after a major loss… not only a loss of data but in the most egregious cases, the possible loss of life and limb.
These are just a few of the all-too-common threats to your organization’s security that result from a lack of security awareness on the part of employees and staff.
Proper security awareness training, such as the type of education available from a professional security company, can go a long way toward minimizing these threats and helping protect your firm’s most valuable assets.
Consider These Sneaky Tricks Bad Guys Utilize
Perpetrators are often very smart and can be more familiar with your organization’s security procedures (and its weaknesses) than even your long-time employees and staff.
Here are just a few of the tricks they do to penetrate your firm’s security and threaten your assets:
Playing on human nature:
People generally want to be helpful… new employees want to make a good impression… and even the most intelligent staff members are often absorbed by their work to the point of being easily distracted by security procedures. The bad guys know this, and using techniques that fall under the general umbrella of “social engineering,” they’re often very good at attacking your firm’s assets by playing on the human nature of your people. You want your staff to be friendly and helpful… but not to attackers. Good security awareness can and should go hand-in-hand with good customer service.
This happens when an attacker learns a password by looking over the shoulder of a person who isn’t aware that their keystrokes are being observed. The solution? First, encrypt passwords so they’re not easily visible on computer screens… second, train your staff to be more aware of their surroundings… and third, make sure everyone knows at all times who are in their immediate area (and, importantly, who’s there who shouldn’t be).
When someone follows a badged employee through a doorway (or through a gate to a secure parking area) – without presenting their own credentials – they could be a person intent on attacking the firm’s assets. Again, employees should be aware of their surroundings at all times… and no one should be allowed to enter a secured area without presenting their own unique credentials.
Piggybacking occurs when a credentialed employee intentionally lets a non-credentialed person get access to secure areas or data… usually, as a result of the bad guys using “social engineering” tricks to convince them it’s okay (or coerce them in some other way). When everyone on the staff is highly security-aware, the threat of piggybacking becomes greatly reduced. Again, security awareness training is a good answer here.
Obviously, the weakest link in any organization’s security chain could also be its strongest protection – the organization’s people. Lack of employee security awareness opens the firm to lots of risks and threats… but solid training and high-security awareness among staff members make things very difficult for the bad guys.
Make sure your people are as security-aware as possible:
Call your local professional security firm today, and ask for a full evaluation and threat assessment. Find out what training programs or protocols can be used to improve your organization’s overall security awareness. Make things as hard as possible for those who would attack your firm’s assets, and they’re likely to take their nefarious activities somewhere else.