AntiMistake Software – Preventing Human Error and Lack of Awareness

Wednesday, April 07, 2010

Katie Weaver-Johnson


Successful organizations realize antivirus software must be installed on all PCs.  Antivirus software works well if updates are automatic and ongoing (as new risks and threats are identified) to prevent expensive damages to PCs, information and reputations.  

Wouldn’t it be great if every time a new risk or threat to your organization was identified, you could update your employees and partners?  Maybe each morning when they clocked into work, they would just “plug-in” to a system that would make them aware of the new social engineering threats, cyber risks, new regulations, etc.?

We have antivirus software for PCs…why not AntiMistake software for employees?

Every day the headlines reveal new incidents (data breaches, threats, risks, etc.)…and many times these incidents are due to human errors and a total lack of awareness.   Incidents are occurring across all sectors – Government, Education, Financial, Healthcare, Manufacturing and Utilities and across all sizes of organizations – from very large international organizations to small businesses.  And many incidents are accompanied by large fines and/or lawsuits that have a direct effect on an organization’s bottom line.

A few examples include:

CVS Pharmacy – due to employees throwing away pill bottles with personal information, CVS was ordered to implement an information security program, obtain audits every two years for the next 20 years and pay a $2.25 M settlement for HIPAA violations. 

Department of Veterans Affairs – after an employee stored unencrypted information on a laptop, the laptop was stolen and put the personal information of 26.5 million veterans at risk.  VA was subjected to 3 years of class action litigation and a $20 M settlement.

House’s Office of Congressional Ethics – a low-level staffer working from home on a personal laptop used a peer-to-peer file sharing program that provided unauthorized access to a confidential ethics

Is your organization implementing lessons learned?  Are you “installing” AntiMistake software on your employees?

Once-a-year general training is not enough.  Employees (and third-parties) need to be updated on an as-needed and ongoing basis as risks, threats, and best practices change.  By implementing an ongoing awareness and accountability program, your organization can avoid becoming the next lesson learned. 

I also recommend sharing lessons learned internally with your employees, such as a recent data breach or social engineering incident, so all appropriate personnel understand why they are being required to participate in an ongoing security awareness program.  If employees understand that by responding to a phishing e-mail or sending an unencrypted message, they are responsible for their actions that may potentially cost your organization millions of dollars and loss of reputation because of a data breach, they may be more likely to actually read your acceptable usage policies regarding strong passwords, e-mail safety and social networking best practices.

To view Awareity’s AntiMistake Software slideshow, click here.

Possibly Related Articles:
Enterprise Security Security Awareness Security Training
Insider Threats Security Awareness
Post Rating I Like this!
Stephen Cheney There is software available to reverse the crisis situation of your laptop being missing or stolen. You may even gain sufficient evidence to locate, identify and apprehend the thief, industrial or whatever kind of spy (external or internal). One such application is the following:

Mobile SafePatrol --

This freeware program is a stolen laptop tracker. It is not viewable to unauthorized people on your laptop and when you are elsewhere it will covertly send to your Email address an alert about any unauthorized accesses made to your laptop; you can check your email on another PC or internet cafe terminal. It allows you to track where your laptop is on Google Maps; to record audio communications and to capture webcam stills of the unsuspecting thief who is sitting at your laptop.

When your laptop is stolen you can still access it over the web through your Mobile SafePatrol Account, extract what files you want (an option in the paid edition of program only), erase what files you wish to and even wipe your entire Hard Drive.

I suggest that IT departments consider installing a program similar to this one on executive or sensitive laptops; and persons who are interested install same on their personal non-work laptops. Errors, mistakes or a penetration by opponents will always occur at some time or other. It is not fretting that helps, but what you do about such pitfalls that counts. To do something it is best to set up in advance the ability to be able to do a correction; or don't and wear the consequences, like egg in the face.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.