See your link here
The weakest link (humans) includes the security people
7 comments- IT TOPICS:Security
I know many of the reasons why ID theft is such a problem. Anything from phishing attacks, the new two-factor man-in-the-middle attacks, poor web server security (patching, services, etc.), and the list goes on. But you have to marvel at the nack humans have for being so utterly stupid sometimes. Here's what I mean:
A friend of mine has a son in the military. I don't know the issues surrounding the situation, but as any parent knows who has kids in college or in the miliatry, you sometimes have to send a few bucks to tide 'em over (I don't have kids that age, but I remember my army days when I "overextended" myself a couple of times). Well, my friend wanted to wire-transfer some cash over to his son's bank account. He called his bank to inquire on getting it done. The bank told him that all they needed were the routing numbers for his son's bank and his son's account number. "OK," my friend replied, "How do I get those to you?" "Just send them in an email," his banker replied. Now my boss is smart enough to know that is a stupid suggestion, and he told the banker so in a few unminced words. But the banker just didn't get it.
This just amazes me. How can this guy NOT know that email is an insecure medium to be sending sensitive information? This bank is a target for baddies, as are ALL banks. Though this doesn't reflect the security posture of the bank from a pure technological standpoint, it does reflect that this bank is not doing security awareness training, or it is ineffective.
Remember security guys and gals, the human is typically the weakest link. And that link includes you if you are not doing your due diligence and creating a holistic security environment. Train your people, make them pass a test, send out reminders. Create a secure culture. Don't wait. Start now.
Print
Email this
Digg this
