Consider who comes into your office, and educate users to achieve the “human firewall”.
Speaking at an event in London, Peter Wood, CEO of penetration testers and consultancy First Base Technologies, said that users should be warned about locking workstations as “cleaners are never vetted” and servers are often accessed remotely as “IT people don’t like getting their knees dirty”.
He said: “An attacker can compromise a desktop and take control. The human is the best firewall you can buy, and so are your colleagues, but anyone can figure out the way round it so putting it into their hands is the best scenario. Educate on why it is important on where the risks are as public computers are an opportunistic environment for attackers. This is the minimum you need to do.
“Also consider advising on public wireless, it is basically radio where there is no security so if you are doing plain text browsing or email on it, your credentials will be stolen. If you use public WiFi, don’t do anything sensitive.”
Wood concluded by warning users to think like the attacker” and engage staff to do the same thing, as the best protection to strive to is to think outside the box and think how an attacker would approach it, “not how you would like them to approach it”.
