
SANS ISC: InfoSec Handlers Diary Blog


Cyber Security Awareness Tip #30 - Blogging and Social Networking

Published: 2007-10-30
Last Updated: 2007-10-30 15:26:05 UTC
by Deborah Hale (Version: 1)

First of all - thanks to our fearless leader, Johannes, for getting this diary started.  I am becoming an absent-minded old grandma I guess and forgot that I started my Tour of Duty last night.  Anyway, I am here today and ready for all of the fun.


Now for my 2 cents on the subject of Blogging and Social Networking.

I will not even try to kid you, I don't like the rooms that the kids are hanging out in.  I work very hard to discourage them from hanging out in some of these places. Unfortunately it is not easy. Many of these rooms contain numerous dangers, not the least of which is sexual predators.  We all know what a danger these can be for kids. And if that is not enough to worry you, let's see if this does.

A few weeks ago we had some computers at our stores that had been infected. Now all of our stores had AV software installed and running.  During my monthly audit I discovered that we had some PCs that the AV had been disabled on and they were laden with bad things, not the least of which was a worm.  As I began the job of cleaning these up and getting the AV going again I discovered that the common thread was that all of the infected machines had accessed one popular social networking site (not one page... the site).

Upon further investigation I discovered that the machines also contained a keylogger. Customer data as well as company data may have been at risk. Luckily we caught it before damage was done; however, it could have been a big problem. I explained to management the dangers of the sites that the folks were visiting and we put a dollar value to the amount of time it took me to clean up the problem by formatting and reloading all of the computers. We also took a look at the potential loss of revenue if a breach had occurred and we had compromised valuable customer data. What about the possibility of a lawsuit? What about the loss of goodwill, faith in our service and our company?

We have now put in web filtering and we no longer allow access to certain sites and types of sites, for instance music or video download.  What the employee does at home in their own time, I can't control. What happens in one of our facilities, I can.

The important thing is to talk to your employees and explain to them why you do what you do.  When they realize the cost, they are more likely to cooperate.  When they realize that a breach can result in a significant loss of revenue, which equates to less money for raises and bonuses, and they see that it does affect their bottom line, they don't complain, or at least complain silently.

Educating your users about the dangers on the Internet can go a long way in impacting your bottom line.
