Free CD bests corporate security

Flicking through a recent copy of SC Magazine there are impressive looking adverts featuring all sorts of fancy looking hardware with taglines urging customers to be fearless, eliminate blended threats etc.

Having you network sit behind all this expensive hardware I’m sure helps your average IT manager sleep easier at night, but it may also be providing a false sense of security, according to an interesting article at Silicon.

If you were in the city of London on February 14th and picked up a free CD advertising a Valentines competition you could unwittingly have been part of an experiment.

The organisers, IT skills specialist The Training Camp, wanted to see whether, in a world where even free morning papers like the Metro carry warnings over spyware and virus attacks, users would still wander into office and merrily plonk the CD into their PC.

To give users a hint that they this might not be the best course of action to take, the CD packaging even warned about installing third-party software and breaching company acceptable-use policies. Of course common sense went out the window and with the chance to impress a loved one in the offing many went ahead regardless.

In the event, this was just a harmless experiment, with no corporate data compromised but its significance is clear.

As Rob Chapman, the company’s CEO, pointed out to Silicon: “No personal or corporate data was transmitted due to the actions of these individuals but the fact remains that this could have been someone wanting to cause havoc in the City."

In a world where every newspaper is seemingly giving away a CD or DVD it’s perhaps easy to see how the ordinary employee could become desensitised to the risk.

Nonetheless, if employees of supposedly some of the most security conscious organisations in the country, namely banks and financial institutions, can be caught this way it suggests many companies in the country will have a way to go when it comes to educating their staff on the basics of IT security.