About Us | Contact Us
View Cart

Let’s think this through!

By Dan Hadaway | Thursday, August 5, 2010 - Leave a Comment

Thinking Through

Technology presents many risks that we discuss on a regular basis.  There are many threats out there . . . . hackers, scammers, fraudsters, even divorcees trying to gather financial information on their ex-spouse!

But there is one threat that we often overlook.  This threat seems to sneak up on us at least once a year.  We usually suffer through the exploits of this threat with embarrassment and sometimes an open checkbook.

This threat is us.  You and me.  Those who create/order/purchase the new technology, those who use the new technology, and even those who see the new technology in use.

Or, you could say the threat is the technology itself.  The way we USE technology . . . . especially new technology . . . . can damage our reputation.   Try to think of some examples in your own experience where the use of a new technology caused problems.  Okay, if you don’t want to relive that pain, let me give you a couple of examples that illustrate my point.

Take the university that sent 1099’s to their contract employees using a fancy new envelope stuffer.  They forgot to tell the stuffer that the 1099’s were printed two per page.  Imagine the embarrassment of those involved when half the contractors called looking for their 1099’s while the other half called wanting to know why they had somebody else’s 1099 on the bottom of theirs!

Or take the medical processing company that decided to put patient account numbers for their client on the outside of envelopes.  The account number had an interesting format . . . . XXX-XX-XXXX!

Surely somebody in the university’s accounting process knew that 1099’s were printed two up.  It would be hard to imagine that somebody in the mailing department at the medical processing company didn’t notice the social security numbers on the outside of the envelope.  Why didn’t they say anything?  Could it be that they assumed that somebody knew what was going on?  Or could it be that they figured they could get into trouble if they held up the mailing deadline?

Whenever we use a new technology, no matter who we are in the organization, we need to think it through.  Let’s try to encourage a culture where everybody is allowed to point out what they see happening in the use of that technology that could be embarrassing or worse.  Of course we should try to think things through in advance of the new technology, but let’s encourage the front line to warn us of anything they see going bad in the use of new technology!

Click here for more information about User Awareness Training!


Intended Use:

The purpose of Vigilize is to respond to ISOs’ complaints that users never read ISO’s “ongoing security awareness training reminders.”  Our tweets are designed to be copied into the subject line of your awareness reminder, with the language on these pages put into the body.  The goal is that the user will have to read the subject line to know to delete the message, and if they understand the subject line the reminder is communicated.  If not, they will go into the message and read the reminder.

Feel free to use Vigilize in your own Security Awareness Program.  Let us know if you have any ideas, suggested tweets, or ways to improve this FREE service.

Latest News
    Why It Rhymes With SEEM (And its Not the I Before E Rule) Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . It’s the Gestalt. The idea that the whole is greater than the sum of it’s parts. That’s not something that is often brought […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
    Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks.  We […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
    Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of  IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Many organizations still fail to consider the unique risks posed by cloud computing… An article review. Last month thousands of Western Digital MyCloud device owners learned about the risks of cloud-based solutions the hard way: their data had been wiped remotely due to a flaw in the internet-facing component of their external hard drives. While […]
    infotex does not use Kaseya… We are protecting our Clients! Another blog post meant to inspire thought about IT Governance . . . . To all infotex managed security service Clients: As you may be aware there was a large ransomware attack recently that leveraged a remote management tool called Kaseya that is used by many […]