Financial Services Workers Fooled by CD Scam

Financial Services Workers Fooled by CD Scam
NSI

An experiment carried out within London's financial district has demonstrated what security experts have been saying for years: employees - even those working with ultra-sensitive financial data - are unaware of or don't care about basic security practices.

In the experiment, CDs were handed out to commuters as they entered the city. Recipients were told the disks contained a special Valentine's Day promotion. In reality, though, the CDs contained nothing more than code that informed the company performing the experiment how many of the recipients had tried to open the CD. Among those who were duped were employees of a major retail bank and two global insurers.

Clear warning
Making these results even more ridiculous, the CD packaging even contained a clear warning about installing third-party software and acting in breach of company acceptable-use policies. The warning failed to deter many individuals, who showed little regard for the security of their PC and their company.

The designer and leader of the experiment said, "Fortunately, these CDs contained nothing harmful — no personal or corporate data was transmitted due to the actions of these individuals. But the fact remains that this could have been someone wanting to cause havoc in the city."

The employees, by carrying the CD into their offices and putting it straight in their PCs, bypassed much of their company's security. Experts said workers must understand that they are the first and easiest route into their company's network.

Last year, the London office of the Japanese bank Sumitomo Mitsui fell victim to a spyware infection that nearly netted the perpetrators millions. That case highlighted the threat posed by applications entering the enterprise through unofficial channels — and yet it appears few companies have taken note.

© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html.





Around the Network