Reply to discussion post below CMIT WK3
Question Description
Collin,
In the military, we focus on yearly training in order to educate everyone on the risks of letting inside knowledge out of the box. In the Navy, there are plenty of old posters like “Loose lips sink ships” or “Someone Talked!” dating back to World War II, when controlling information about your military assets and protecting it from the Axis powers was top priority (Hasic, 2016). With proper training, the majority of social engineering attacks and identity theft can be prevented because employees will be able to quickly identify and mitigate the damage from a possible attack. Some of the following suggestions are neatly organized on page 711 of the EC-Council book, and some of the suggestions I wrote down from personal experience or from other classes I’ve taken.
A lot of the practices I would instill would be: training on mobile phone safety (SMiShing, fake security apps, malware from third-party software) and training on shredding all papers from the workspace. Physical security items would consist of: installing monitor privacy screens, no screens visible from windows or entrances, badges for employees with turnstiles and a guard, no piggybacking or tailgating, and requiring two-factor authentication tokens. Email safe practices: don’t respond to possible phishing attempts, don’t forward emails that may have viruses or dangerous links (alert security instead), and look for digital signatures/encrypted emails to lend more trust. Prevention training on identifying insider threat signs, training on the company’s confidential data to prevent unintentional spillages, and training on identity theft (use shredders at home, be careful of publicly available info, be suspicious of phishing calls, use strong passwords), credit reports, and credit monitoring services.
As a company, I would conduct social engineering exercises, hire only after background checks, give the least amount of privileges needed for each individual’s job, monitor privileged users, and conduct periodic risk assessments. Upon terminating an employee, I would disable all accounts before notification and have them escorted out after collecting their things and turning in all badges and two-factor authentication tokens.
Obviously, smaller companies would have to pick and choose what is most important to keep them safe while not hindering the efficiency or productivity of their employees. To do that, I would make sure they conduct a risk assessment and find a level of risk that they are comfortable accepting if they do not implement all safe practices.
EC-Council. UMUC: Certified Ethical Hacker (CEH) Version 10 eBook w/ iLabs (Volumes 1 through 4) [eVantage]. Retrieved from https://evantage.gilmoreglobal.com/#/books/9781635...
Hasic, A. (2016, December 8). The U.S. in World War II: See the posters that urged secrecy. Retrieved May 30, 2019, from http://time.com/4591841/loose-lips-sink-ships-post...