being social – security viewpoint

Elements of security

A very short memo about what security in a company means.

Importance of Sociability
– being a learned person, but lonely: so much information to draft through each day; task impossible; 1,000,000 viruses and increasing. New kinds of tricks: social engineering, technical bugs, vulnerabilities, spamming, malware, etc.
– loneliness also increases the likelihood that a social scam will work: people who don’t interact, don’t know the latest scams going around.
– social activity increases the possibility to learn new things. It’s what has kept humanity alive and developing for millions of years
– modern tribes may be virtual: a sysadmin feels closest kinship with fellow sysadmins around the world

=> companies should make sure that people also engage in interactions. Preferably
facial, but virtual interactions can be useful too. The better people know each
other, the more they form integral networks, where trust exists. Too many unknowns
mean cumbersome co-operation and also due to lack of trust, there’s probably
a lot of duplicate work being done.

The problem is that many organizations are shattered in the social sense. There are tight, small clusters of people; and in addition to that, there are many outsourced persons, etc. The old-fashioned family business type of model no longer exists. So if there’s a social engineer (somebody who wants to con information) he has a high probability of cutting it.
At least once.

Where does it lead? Security and competence problems. If there’s no mentor-attitude, the newcomer may be quite lost. People working under pressure and feeling the expectations for fresh meat may do critical errors early on in their careers;
giving out passwords to people who should never know these; revealing otherwise
sensitive information to someone who demands it. Etc.

Leave a Reply