IS YOUR NETWORK SECURE ENOUGH TO FIGHT OFF CHOCOLATE? The short answer: probably not.
Even with all of the security-related news in recent years, Infosecurity Europe’s now famous experiment (it just completed the sixth one) shows people are still willing to divulge questions about corporate security in exchange for a chocolate bar.
Here are four things you can do to minimize the security risks from your users:
First, educate, educate, educate. There is no substitute for informed workers, and telling them once a year won’t be enough.
Second, make them sign an agreement that has some teeth. Something along the lines of, “If it is found that I have jeopardized corporate security through my stupidity I understand that I will be thrown out on my ear” (human resources may want to fine tune the wording).
Third, reduce or even remove your reliance on user names and passwords as access controls. Fingerprint readers and swipe cards in addition to or instead of account names and passwords will provide insulation against users revealing their account details to a third party.
Fourth, warn your users about strangers with candy.