Security Story #1: Beverly
It’s 11:30 p.m. on a cool Saturday night in Omaha. Our location is a nice neighborhood that is made up mostly of multi-tenancy apartments and condos—some of which are home to retired or elderly residents. There are also some single-family homes and small retail shops that dot the outside perimeter. Crime is very low in this neighborhood.
On this particular evening, a robber is waiting outside one of the apartment complexes with a bouquet of flowers. He has no authority to enter, and the building is secured by an outside door access reader. This is of little consequence to the robber. He just patiently waits around the corner for a tenant to leave. And when someone does leave, the robber is able to catch the door with his foot before it closes and locks. The first step of his upcoming crime was pretty easy to accomplish. He gained access to the building!
The robber moves to a second-floor apartment near the stairwell. He knocks on the door of apartment 201. It’s the home of 82-year-old Beverly Jones. Beverly, startled by the knocking, wakes from her deep slumber. As she moves out of her bedroom, and toward the front door, she asks, “Who is it?” From the other side of the door, a pleasant voice says, “It’s Bob from ABC Floral. I have a delivery for you.”
At this point, I hope you’re telling yourself, “Don’t open the door, Beverly!” It doesn’t make sense—82-year-old women don’t get flower deliveries after 11:30 p.m. This can’t be good!
Is your network security in the same situation as the building? It likely is. You have a lot of people who are authorized to be on your network. They probably get there with secure access or dual authentication. It really is a great first step, and certainly better than allowing people to simply walk in.
Security Story #2: Dave
It’s 8:30 a.m. on a Monday morning at Children’s Hospital—again—in Omaha. Dave is a registered nurse specializing in ear, nose, and throat. His shift started at 7:00 a.m. He checked the latest patient files upon arriving, debriefed with the overnight nursing supervisor, and made his rounds with the patients on his floor.
Over the weekend, Dave socialized with some coworkers, and was introduced to a doctor from another hospital. They exchanged pleasantries, and Dave handed the new acquaintance a business card. It was a fun, congenial evening. What Dave didn’t realize, however, is that the good doctor misplaced Dave’s business card, and left it behind at the establishment.
After making rounds, Dave sits down at the nurse’s station. He logs in using his appropriate credentials, and opens his work email. Dave notices a particular email that is titled “Paper Invoice.” The email reads, “Dave – Attached is the invoice for the paper you ordered for the printer at the nursing station.” The email has a .zip file attached.
Dave doesn’t think about the fact that he left a business card with an acquaintance over the weekend—much less realize the acquaintance misplaced the card. Nor does he think about the fact that someone might be using him to get into the hospital’s network. He’s not a ‘techy’ guy. However, he does think to himself, “I didn’t order any paper. That isn’t part of my responsibility. I’m a nurse! Why would someone be sending me an invoice for paper?”
Has your organization had situations like this? Are people who are authorized to be in your network receiving emails that contain potentially dangerous malware or ransomware? I’m guessing the answer is yes. If you’re in the technology industry, or even received minimal training on your organization’s IT policies, I hope you’re saying to yourself, “Don’t open the attachment!”
Security Story #3: Your Story
The stories are meant to illustrate just a couple of simple ways people “get in” to places they are not allowed. The first story is clearly a crime. The robber is trespassing, at minimum, with the intention of committing an even more-serious crime. The second story is not so clearly defined, but an illegal cyber-crime is definitely the intention.
Although Connection might be able to help with a few technology related solutions in the first story, we have specialists to specifically help you in the second. Network and cyber security is complicated, and very difficult to 100% prevent. With hardware, software, professional services, and training for your staff, Connection can help your organization minimize risk when it comes to cyber security.
Contact an Account Manager who can arrange an overview with one of our security specialists. We will introduce you to our capabilities by using our own Network Operations and Command Center, give you a better understanding of the hardware and software manufacturers we partner with, and learn more about your specific security needs.
In conclusion, Dave didn’t open the attachment. He promptly called the hospital help desk where a technician took over the workstation, and followed the IT security protocols on Dave’s behalf. You will also be happy to hear that Beverly dialed 911 without opening the door.