Humans can be the biggest problem
The threat: The biggest risks to information security are people. Studies have shown that most security incidents start from within, and are usually accidental. Sophisticated attacks use “social engineering” (predicting or manipulating human behavior) to trigger the exploitation of desktop application security flaws.
The solution: Constantly reinforce to employees the dangers of opening attachments and clicking links sent in email, messenger applications and posts on social networking sites. All it takes is one person making a bad decision to compromise the entire business. One clever and effective strategy for keeping employees on their toes is simulating attacks (similar to a surprise military drill), using an Internet Security Awareness Training program, which costs about $15 per person per year.
Of course, these are just quick snapshots of key threats and tools. It’s a big and complex subject (Mitnick has filled three books on it so far), but these are great starting steps for most small companies. As Mitnick says, “The most important point is that computer and information security is not, and can never be, a one-size-fits all-solution.”
To read the entire article, click here: http://www.cbsnews.com/8301-505143_162-57344282/security-tips-from-a-legendar…