Tag Archive for 2016

Christmas 2016

Merry Christmas


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IT Pros Stressed Out This Holiday

It’s the holidays, and nearly one-third (29%) of IT pros will be too busy to take time off, according to a new study. Unified security management vendor AlienVault noted the IT pro stress in an article at Infosecurity Magazine. They report that industry skills shortages will have a major impact on IT professionals’ time off (paid or unpaid) this holiday season.

The AlienVault study polled over 400 IT pros to better understand their workplace stresses. They found that half of those that can afford to take time off this festive period will spend it worrying about work.

Other factors adding to IT pros’ holiday stress included:

  • 53% said they thought their colleagues are overworked and overstretched.
  • 41% claimed to have had unfilled vacancies in their teams for a month or more in 2016.

AlienVault security advocate, Javvad Malik, argued that shortages are not always down to a lack of available talent. He told Infosecurity:

On the other side of the coin is the willingness of companies to invest into more staff … Particularly in small, but growing companies where we often see a company’s infrastructure may grow rapidly, yet the IT team doesn’t scale at the same rate.

Data breach stress

Another reason for holiday workplace stress cited in the article is data breaches. Almost a quarter (21%) of respondents said that when a security breach happens, the IT teams are blamed. The author speculates that this might explain why 14% said they would cover up a breach and not report it if it didn’t involve regulated data.

IT teams are also increasingly ready to turn a blind eye to users bypassing security controls if it makes their job easier in the short term. AlienVault’s Malik explained there could be several reasons why some IT staff turn a blind eye to employees bypassing controls. He told Infosecurity:

It could very well be because controls may be too rigorous in the first place. Sometimes this is as a result of controls being implemented by those unfamiliar with the day-to-day operations, or even because of compliance regulations. In smaller companies, it is sometimes because of agreements they may have in place with larger companies who dictate stringent security controls as a condition of business.


Does Coffee Make You More Productive?

Did you know that our bodies naturally caffeinate themselves? Or the best time to take a coffee break to make you more productive at work? This infographic explains some of the tricks to get the most bang from your daily cup of joe.

 


Reducing Your LinkedIn Risks

Microsoft’s recent purchase of LinkedIn has pushed the struggling ersatz professional networking site back into the limelight. There is plenty of speculation about why Microsoft (MSFT) purchased the site for over $2.6 billion. Undoubtedly it has to do with LinkedIn’s (LNKD) cache of over 430 million online users. Whatever Redmond’s designs are, now is probably a good time to check LinkedIn security to reduce your LinkedIn risks.

Attackers have long used social networking as part of their reconnaissance activities. They cull personal information posted on the site to craft targeted attacks that have a higher chance of succeeding. The cyber-criminals rely on the fact that people tend to trust people within their personal network. Their targets are more likely to fall for a spear-phishing email if it appears to come from a fellow member. The victims are also more likely to visit a website if a member of their network suggests it.

LinkedIn risks

Fake LinkedIn profiles “significantly increase” the likelihood that these social engineering attacks will work, according to research by Dell SecureWorks. The SecureWorks article describes how attackers use fake LinkedIn profiles. Most of these fake accounts follow a specific pattern:

  1. They bill themselves as recruiters for fake firms or are supposedly self-employed. Under the guise of a recruiter, the attackers have an easy entry point into the networks of real business professionals. Real recruiters already use the service as a way to find potential candidates. LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favor.
  2. They primarily use photos of women pulled from stock image sites or of real professionals. Many of the fake LinkedIn accounts use unoriginal photographs. Their profile photos were found on stock image sites, other LinkedIn profiles, or other social networking sites.
  3. Attackers copy text from profiles of real professionals and paste it into their own. The text used in the Summary and Experience sections was usually lifted verbatim from real professionals on LinkedIn.
  4. They keyword-stuff their profile for visibility in search results. Fake LinkedIn accounts stuff their profiles with keywords to gain visibility into specific industries or firms. Northrop Grumman and Airbus Group are popular.

The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers can establish a sense of credibility among professionals to start further connections. The fake network was created to help attackers target victims via social engineering.

In addition to mapping connections, scammers can also scrape contact information from their connections. The attackers collect personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails.

LinkedIn cyber-thieves use TinyZbot malware (a password stealer, keystroke logger, multifunctional Trojan) and disguise it as a résumé application. In their report, the Dell researchers advise organizations to educate their users about the specific and general LinkedIn risks:

  • Avoid contact with known fake personas.
  • Only connect with people you know and trust.
  • Use caution when engaging with members of colleagues’ or friends’ networks that they have not verified outside of LinkedIn.
  • When evaluating employment offers, confirm the person is legitimate by directly contacting the purported employer.

Reduce your risks

There are a few ways users can identify fake LinkedIn accounts:

  • Do a reverse-image search. Tineye.com offers a browser plugin, or use Google’s Search by Image to confirm the picture is legit.
  • Copy and paste profile information into a search engine to find real profiles.
  • If someone you know is already connected with one of these fake accounts, reach out to them and find out how they know them.
  • If you suspect that you’ve identified a fake LinkedIn account, you should report it.

LinkedIn told Panda Security:

We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered. We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We urge members to use our Help Center to report inaccurate profiles and specific profile content to LinkedIn.

As always, it pays to be careful with information that you share online as it can save you many potential problems in the future.

Here are some tips to keep your LinkedIn experience as secure as possible. Update Privacy Settings to understand how you’re sharing information. Smart options include:

  • Turn your activity broadcasts on or off. If you don’t want your connections to see when you change your profile, follow companies or recommend connections, uncheck this option.
  • Select what others can see when you’ve viewed their profile. When you visit other profiles on LinkedIn, those people can then see your name, photo, and headline. If you want more privacy, display anonymous profile information or show up as an anonymous member.
  • Select who can see your connections. You can share your connections’ names with your other first-degree connections, or you can make your connections list visible only to you.
  • Change your profile photo and visibility. You can choose to have your photo displayed only to your first-degree connections, only to your network, or to everyone who views your profile.

Opt into Two-Step Verification to prevent other people from accessing your account. LinkedIn lets members turn on two-step verification for their accounts. This will require an account password and a numeric code sent to your phone when you attempt to sign in from a device your account doesn’t recognize.

Opt into Secure Browsing for extra protection against unauthorized access to your Internet activity and to make sure you’re connected to the real LinkedIn website. While LinkedIn automatically secures a connection when you’re on certain pages that require sensitive information, you also have the option to turn on this protected connection when viewing any page.


Thanksgiving 2016

Happy Thanksgiving 2016

 
