How Security Procedures Should Be Implemented

1855 WordsAug 23, 20168 Pages
When someone breaks into a network, people assume that it was by way of some complicated computer code or application. This is usually not the case, most of the time social engineering is involved, that is, someone has unintentionally allowed an unauthorized person access to the system. This is the main reason that security procedures must be implemented, and all employees must follow them. If these measures are followed, it makes investigation more easy for the forensic investigator, he or she has a starting place (South University Online, 2016). The best way to ensure that the employees are aware of these procedures is to have a mandatory online class that outlines what is and what is not considered sensitive, as well as who is…show more content…
Phishing is defined as the attempt to acquire sensitive information like passwords or credit card details for malicious purposed by pretending to be a trustworthy person that is authorized to gather this information by using electronic communications (Wilson, 2016). This method could easily be used to gain access to a network. All hackers need to do is to pretend that they received an alert from the system and they need to check it out. They can say that it is a courtesy call and it is no charge to the individual. Most people are willing to have their system checked out if it is free. Unfortunately, they normally will not check the credentials of the person sending the email, and since some individuals will also have their work information on their PCs, it becomes an even greater threat. When attempting to access information about my company, I was unable to retrieve any technician names from any search engines. Any reference to names required a work order from a customer. I then went to the LinkedIn website and did a search on my company’s technicians. Again, I was not able to obtain any names. However, it did bring up technicians’ addresses, and when you send an ‘InMail’, LinkedIn’s email service, the first name and last initial were displayed, making it much easier to masquerade as, for instance, someone named Doug from the Kansas City office. The person could then request your password to check your system. Even if the person called the office to
Open Document