Most users aren’t intentionally dumb, careless, or malicious. Yet, lacking a background in IT (or worse, having just enough IT knowledge to be really dangerous), users can often compromise company systems, or even themselves, without realizing it until it’s too late. Here are ten things that the IT service desk needs to know about so that they can take steps to protect the company as well as the vulnerable users.
1. Gullible Users
Despite the best efforts of Snopes, the Department of Homeland Security, the FAA, and frequent warnings by local and national news agencies, there are still users who think a prince in Nigeria wants to give them millions of dollars, or that they’ve won a lottery somewhere that they don’t even remember entering. IT needs to know if users are engaging in potentially dangerous behavior, such as communicating with a suspected catfisher or contributing to a cause for an unknown special interest group.
2. Users Downloading Personal Files on Work Computers
It can be so tempting to download big files for personal use (such as music, movies, and books) at work because the connections are usually much faster than what users can afford at home. But these activities can bring up legal issues, like downloading pirated content, as well as practical issues like introducing malware into company systems.
3. Users Installing Unapproved Software
Just like free online music and videos, free software online is often riddled with malware. Companies usually have software in place for all of the regular tasks, making it unnecessary to introduce potentially compromised freeware into the system. IT needs to know when users are downloading unapproved software so that they can help the user find a safe, acceptable alternative.
4. Users Connecting Their Mobile Devices to Work Computers
Charging a personal smartphone or tablet is just so convenient at work. All the user has to do is plug the device into the USB port, and bada-bang! It’s charged by the time they have to make that afternoon meeting. Unfortunately, the same cables used to charge those devices also transfer data — opening the company’s systems to any malware on the user’s device.
5. Users Posting Sensitive Company Information on Social Media
Social media isn’t a private means of communication; it is very public. Posting there is an easy way to leak sensitive company data, like an upcoming merger that hasn’t been publicly announced, or information on the company’s clients that ought to remain confidential. In addition to leaking legal and proprietary information, users can get themselves and their company in big trouble by using social media to rant about a boss or company executive.
6. Users Bypassing the Firewall
This is a classic example of users with just enough technical knowledge to be extremely dangerous. VPN services, anonymous proxies, and other tools allow users to bypass firewalls to get to information that’s blocked by the company’s filters, but along with this DIY technical “fix,” the user opens systems up to a host of potential problems, including malware, hackers, and cyber terrorists.
7. Users Accessing the System on Mobile Devices
Are users logging into the company’s system via their smartphones and tablets? Worse, are they doing so via Wi-Fi hotspots? This opens the system up to many threats, including password theft, data theft, hacking, corporate espionage, and malware. The IT service desk needs to know about this practice and work together with executives to develop solid BYOD policies to protect the company while allowing users the convenient access they need to do their jobs.
8. Users Opening Email Attachments
Most of the threats that enter corporate systems come in through email attachments opened by unsuspecting users. Hackers are getting smarter and slicker about designing emails that look legit, and even the savviest users can get tricked if they’re busy enough and not thinking. It pays to regularly remind users about how dangerous email attachments can be, and to reiterate this fact when new email threats are known to be circulating.
9. Users Opening the Spam Folder
Occasionally legitimate emails do end up in spam folders, especially if spam security settings are set pretty high. But the number of systems infected by malware far exceeds the number of important emails that end up in the spam folder. The ideal solution is establishing a policy that no user can open spam emails without approval from IT. If this isn’t possible, at least make sure IT is aware of how users handle spam.
10. Anyone Failing to Run Software Updates and Install Patches
“I could finish three reports in the time it takes to run those updates!” “Yes, and in the same length of time, hackers can make off with 100,000 GB of customer data.”
It just isn’t convenient to wait around five or ten minutes for updates and patches to install when work is churning! Yet these patches are critical for maintaining the security and integrity of software packages. When users aren’t running updates as they should, IT needs to be aware and take control.