Let’s face it, some days are just more exciting than others. (We can always count on patch Tuesdays).  While studying the newest vulnerabilities is interesting, there is nothing quite like the rush of “incident handling” adrenaline.  Okay, so right now, there is an interesting new Zeus Bot email scam and more clickjacking attacks.  It seems like a never ending hamster wheel, we can never quite catch up!  Just as we are finally getting our operating systems, applications and peripheral devices locked down, it pays to remember that the mitigation of threat with regard to employees will always be a risk. 

This economy is putting your network in jeopardy in more than ways than just your declining security budget.  Employees may be finding new ways to hijack your proprietary software, marketing plans or customer lists.  Of course you have policies that control office cyber behavior, but there will always be those few special employees who will figure out how to make their browser a notepad to hijack your customer PII.  Budget time can leave us drained, so remember that the human factor is still our greatest deficit.  People starving will steal to eat, and people trying to pay their mortgages may become extremely creative in their methods used to obtain intellectual property or credit card numbers.  At upwards from $2 a pop, just one account database can add up quickly. As we approach Security Awareness Month in October, take a few minutes to get determined not to be sidetracked focusing our security efforts.  Use this opportunity to remind employees not only what steps they can take to be safe online, but also of the fact that you are still monitoring their usage and should have no expectations of privacy while on the organization’s network.  Pull together your inexpensive insurance policy this week.  

Mari Nichols

Handler on Duty