Security Awareness Series—Security and the Next Generation (Part 6)
Unlike previous generations, the current crop of college graduates getting ready to join the workforce grew up with the technology the rest of us had to double back to learn: computers, smart phones, social media, personal websites, etc. Unfortunately, this comes with a comfort level that can be a problem at work.
Ah, but the “lock” comes on in the browser, showing me everything is secure!
Yes, the data in transit is indeed secure, but what is the owner of the website going to do with your information? Did you read the terms and conditions? Of course not—no one does. If you did, you’d still be reading the first of 10,000 you’ve clicked through since then! If you had read it, however, you might be surprised what you would’ve learned—especially who “owns” the information you’ve provided.
Another hallmark of the current generation entering the work force is a deep-rooted desire to stay connected at all times. Older folks may take offense to the quick glance at the cell phone during a work conversation, but that is merely another example of “staying connected”. With the rise of social media and texting, why wouldn’t every young person feel they can stay connected with everyone and everything they care about all at once?
Bad guys are using this shift in social behavior to their advantage. It’s much easier to garner someone’s trust in the virtual world than in the physical. For example, consider a simple friend request where the bad guy is linked to an acquaintance and has the ability to elevate the level of trust, or perhaps a forged text message from someone you think you know with a link to a website—a compelling sob story for help from someone who knows just a little too much about you and your friends.
Things are going to get interesting!
About the Author
Doug Shields is an expert in information security, particularly in the fields of social engineering and employee security-awareness training. He has a long career with the U.S. Government Intelligence Community and private industry in the “white-hat hacker” security space. After recognizing a need for training programs to fix growing security concerns, he founded Humanisec, with a primary focus “to secure the human network”.