So let’s say you are walking down street and you find a USB memory stick laying on the ground. What would you do with the stick once you got home? Well, if you are like 60% of the government workers that found CDs and USB sticks laying in the office parking lot, you would take them into the office and stick them in your work computer to see what’s on them. You might open up one or two interesting looking files. The result of such actions caused malware to be installed on these systems. Can you believe that? Sixty percent of the people that found these devcies had no problem just plugging them into their computers. I guess I shouldn’t be surprised but I am, and somewhat scared as well. It turns out that the Department of Homeland Security were the ones that placed these disks and USB sticks in the parking lot just see see what people would do so no real harm was done. I certainly hope that after that experiment they disable the USB ports and super glued the CD trays closed.
So, what can we learn from this? First off, never underestimate the lack of understanding people have when it comes to computer security. Secondly, we might want to start spending a little more of our security budget on securing the user interface side of the system. Typically we spend most of our time and energy keeping people that don’t belong in our network out. While this is all well and good, we also need to explore all the avenues be which unwanted access may be made. The weakest link in a network can often be the users. Make sure you educate them and then back that up with security measures that can protect them from themselves. And for crying out loud, keep the parking lot clean!