Be careful what you find on the floor of parking garages.
Actually, you probably already knew that. But, according to a test completed this year by The U.S. Department of Homeland Security, a surprising number of government contractors and employees do not.
In order to determine how easy it was for hackers to manipulate employees or gain access to computer systems, The U.S. Department of Homeland Security secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors.
Not only did workers pick up those devises, but 60 percent of them plugged in the USB drives and inserted the discs into their office computers. If the devise displayed an official logo, 90 percent of workers installed the drive.
It turns out, curiosity does kill the cat—or, rather, scrambles the cat’s computer screen, steals its social security number, and swipes its confidential data through viruses, clandestine computer programming, and general digital mayhem.
“There’s no device known to mankind that will prevent people from being idiots,” Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp. (CSC), said to Bloomberg.
Unofficially, The U.S. Department of Homeland Security test proves that cyber crimes are one part vulnerability and one part idiocy.
“The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers,” reports Bloomberg.
“In real-life intrusions, executives of EMC Corp.’s RSA Security, Intel Corp. (INTC) and Google Inc. were targeted with e-mails with traps set in the links. And employees unknowingly post vital information on Facebook or Twitter.”
The hacking of confidential data is no minor problem. Security breaches are prevalent, and the cost of all forms of online theft amounts to as much as $1 trillion, according to McAfee Inc., the Santa Clara, California-based computer security company via Bloomberg.
Law offices are certainly not immune to corporate espionage, online attacks, or breaches of confidentiality, so what should firms do to protect their private information?
“Rule No. 1 is, don’t open suspicious links,” Rasch said to Bloomberg. “Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2.”
In all seriousness, it is vital to obey your instincts. If it something appears amiss—like, say, opening suspicious emails, retrieving lost devises and plugging them in, or obeying a prompt to disable your computer virus software–it probably is.