Forbes magazine recently published an article about The Ten Most Dangerous Online Activities. For a network manager, there’s nothing surprising here. However, it’s worthwhile to send the information and advice in this article to every member of your user community. There’s always someone who thinks his online activity is so innocent that it couldn’t possibly invite trouble. Yeah, tell it to the help desk when your PC starts acting weird.
Forbes magazine recently published an article about The Ten Most Dangerous Online Activities. For a network manager, there's nothing surprising here. However, it’s worthwhile to send the information and advice in this article to every member of your user community. There’s always someone who thinks his online activity is so innocent that it couldn’t possibly invite trouble. Yeah, tell it to the help desk when your PC starts acting weird.
I’ll summarize the Forbes article here, but I highly recommend you read and circulate the full article for the examples and real-life scenarios. So, according to Forbes, these are the types of activities that can get you in trouble, despite your best intentions:
1. Clicking on e-mail attachments from unknown senders
Hopefully your user community has learned by now to avoid e-mail “stranger danger.” When it comes to attachments, if you don’t know who sent it, simply delete it. For that matter, it’s a good safety practice to ignore non-business-related attachments from people you do know. These attachments could have Trojans embedded in jokes or photos sent by unsuspecting friends. If the attachment is truly important, the person who sent it will follow-up with a phone call.
2. Installing unauthorized applications
Some employees take the phrase “personal computer” a little too literal, thinking they can install whatever they want on a company-owned PC. ITunes, instant messaging, screen savers and other fun utilities. Even if these applications are harmless, they must be discouraged as a violation of company standards.
3. Turning off or disabling automated security tools
Have you ever known a user to turn off or reschedule an automated virus scan or security update? In truth, we’ve probably all done it once or twice because the time of the scan or update just wasn’t convenient. Circumventing security measures, even in the name of productivity, simply can’t be allowed.
4. Opening HTML or plain-text messages from unknown senders
Not just attachments, but also regular messages from strangers can pose a danger. Increasingly, HTML documents are the source of spyware or executable code. Teach your users to be skeptical of every message – with or without attachments – from unknown sources. When in doubt, delete the message. If it’s important, the sender can follow-up again with another message or a phone call.
5. Surfing to gambling, porn or other dicey sites
Some people think that they have the right to visit any Web site, as long as it isn’t done on company time. Well, bucko, time isn’t the only resource of concern here. Many “vice” sites are known to place Trojans on visitors’ computers in drive-bys.
6. Giving out passwords, tokens or smart cards
Despite years of warning users to closely guard their passwords, about one in three people admit to writing their password on a piece of paper stored near the PC. The irony is that network administrators force users to adopt passwords that can’t be remembered – ones with numbers, symbols, capital letters and at least eight characters. When a user fears forgetting his password, he writes it down, creating a new vulnerability.
7. Random surfing of unknown, untrusted Web sites
See No. 5 above. Adware. Spyware. Trojans. Surf some of those fun Web sites for a bit of entertainment and you could get more than you expected. Even MySpace sites are a new danger for depositing unwanted malware onto PCs.
8. Using any old Wi-Fi network
That Internet cafe with the free Wi-Fi might be a fun place to hang out, but you have no idea who could be intercepting your data from such a network. Make sure that users at least have a personal firewall on the laptop before jumping on a wireless network operated by an unknown source.
9. Filling out Web scripts, forms or registration pages
Register to get this free download or to subscribe to that newsletter. The question is, who is capturing your personal information?
10. Participating in chat rooms or social networking sites
Who hasn’t been invited to join LinkedIn or a similar social network? Social engineers – those who gather information about you to garner your trust – love these kinds of sites. They learn enough about you and your colleagues to earn your trust and get you to reveal additional personal information.
For years we’ve enjoyed relatively safety in conducting business and personal activity on the Internet. Unfortunately, we now need to give up some of our habits and activities, or at least get smarter about what we do, to protect our identities, our resources and our assets.
Editor's Note: Is your IT organizational structure holding your company back?
We're assembling a package of stories to be published in Network World looking at the IT organizational structure of the future and we need your help:News Editor Bob Brown
* If your company has recently reorganized in light of new business and technology challenges and opportunities, can you send along "before" and "after" org charts? (Feel free to strip out the names, we're really just looking for titles. But give us a sense of the size of your IT organization/business.) Can you tell us how the reorganization has worked out?
* If your company is in need of an IT org makeover, what areas are currently most dysfunctional?
* Any advice on what your peers can do to improve their IT organizations right now?
We're looking to tap into our readership through a technique some call "crowdsourcing." Knowing we don't have all the answers, but that our audience probably has a lot of them, we're hoping to help you help each other.
Please send info to