NO partisan here. As one of the people who is responsible for the security of the employees and systems of a medium-sized county government, I am amazed at how poorly organizations like the DNC and RNC handle their IT security. The RNC got hit, too, but they didn’t go for it.
Despite the hundreds of thousands of dollars we have invested in hardware and software to protect our systems, the human element is always going to be the biggest weakness in the organization. We spend thousands of dollars and hours every year educating our employees about phishing and other means of infiltration. Our onboarding classes have a dedicated section on these subjects, and just this alone has made a significant difference in the number of successful attempts at gaining access or compromising our systems.

Don’t trust. Anyone or anything. When in doubt, throw it out. Not sure? Delete it. Since we’ve focused more on the human element, our issues have dropped significantly.

We interface with DHS almost daily, talk to other government resources and monitor feeds that come in 24/7 with data from various three-letter organizations as things develop, but the most bang for our buck has been training our employees to be diligent.

Dan

> On Dec 17, 2016, at 8:01 PM, Greg Fiorentino via Mercedes
> <mercedes@okiebenz.com> wrote:
>
> I'm pretty sure all of you on this list would not have made the mistake
> Podesta made. What I do is NEVER click on the helpful (?) email link provided
> in the email warning me of the problem, but go to the company's website that
> I know to be ok, or call the number on the back of my credit card, and look
> for the alleged problem there.
>
> Similarly, when the IT person was suspicious of the alleged FBI agent
> calling, he could have done something similar and called the bureau through
> known safe numbers and asked to be directed to the agent. I have done similar
> in my law enforcement career when contacted by the bureau, other government
> agencies, or in one instance Interpol, and had any reservations about their
> bona-fides.
>
> Trust but verify...or better, don't trust. Phishing and social engineering
> can be very effective.
>
> Greg