Your First and Last Line of Defense

Imagine the scene – it is the final battle of a prolonged war. No, we’re not talking about the Iraq war; this war is against your financial institution, and the last waves of enemy soldiers (hackers or other evildoers) are crashing in to take over customer data or computer networks.
There are many different ways to find vulnerabilities in your institution’s computer systems, and you and the other information security professionals in your institution strive to find and block them all. The evildoer only needs to locate a single vulnerable piece of hardware or software (or person).
Look at the normal setup at a financial institution. Those evildoing hackers could exploit web applications, a variety of operating systems or the banking processes, both electronic and paper-based. From their bag of tricks they pull out the “tried-and-true” hacks to slip through or to fool applications (and people) into revealing information, and operating systems into granting privileged access. They try to subvert banking practices to exploit weaknesses, or they attempt to “social engineer” the institution’s staff. They are glib and fearless, talking their way into a loan officer’s area. If no cameras are around, they’ll try to copy information off a computer hard drive when left alone with it. The less invasive of them will dumpster dive. Some may even hire on as janitors or peripheral workers who come and go unseen by an institution’s staff.
But the employees you have brought through your institution’s information security awareness and training program are like soldiers in the field. Smart information security professionals will take the opportunity to train these important “soldiers.” The best of these “soldiers” start with the simplest: training, documentation and user awareness.
Train your employees, ensure that they know what the risks are, and provide them with clear instructions on what to do, and those people will form the most important line of defense. They will take notice of and react to unusual activity or intruders; they will consider what can and cannot be discarded as waste; they will turn away the wily social engineer.
As the first line of defense, employees can also be the most important security firewalls in any organization. And their support is perhaps the best armament for the institution and the best guarantee that the security manager will not be found wanting.