Take this quiz to find out how backwards your company’s online security, vulnerability to clickjacking, and desktop fraud is.
1. The website has been hacked. The reboot of the computer system after resetting the IP address and moving the company website takes about ___ minutes.
A) 15 minutes.
B) Three days of talking on the phone to the boss’s cousin who made the website three years ago.
C) Four people to read the manuals and one long customer service phone call to the people who originally made the website, who charge an additional fee for the reset.
D) Impossible without the network system admin, the boss, and some guy who bought the computers in the first place who no longer works for the company.
The best answer is A.
The move of a hacked website to a new location with new passwords and security parameters should be child’s play. But company devices should be checked daily for intrusions.
Information Services must have a hackproof battle plan to deal with violated computer spaces.
2. The likelihood of finding unauthorized downloaded games, files or movie codecs on your company desktops or laptops is at __ %.
A) 5%, because the daily drive subroutine on all company devices cleanses and reports extraneous files daily.
B) Somewhere between 10% to 95% depending on whose computer it is.
C) Basically 0%, unless Randy in IT is a friend of yours.
D) 50% among the younger employees, about 5% among the older employees.
The best answer is A, and not C. Special access by the IT staff is a common workplace security problem. Getting on the good side of the information technology staff is a common way for hackers to buddy-buddy their way into network security secrets.
These rogue programs create opportunities for other administrators to get into computer root files. One way to sabotage a company is to delay their productive operations by causing computer problems. If a company psychology is to go on cruise control until computer problems are fixed, a competitor can get a two week jump on their business.
Imagine an escrow office who is two weeks late on daily escrow file closings and paperwork. Their competitors will snap up business while the company owner debates spending the money the computer experts to fix the computer network.
Guess who pays the bill for fixing them and lost time sent reproducing work, not to mention the cost of new devices?
3. Replacing a company computer in case of theft is contingent upon…..
A) How much the boss has on his credit card that week.
B) Completely a 100% possibility.
C) Possible only after an insurance follow-up, company investigation by an outside firm, and police report.
D) Depends on how important the person is to the office productivity.
Best Answer is C.
Employees and their pals know when a company just buys another computer or replaces it with a better newer model. If the perception among the staff is that the company can afford to buy another computer, they will let the message get out one way or another. IP addresses can be pirated easily and “ghost’ identities used because employees leave computer logged on all night.
If staff know they will not get another computer, they will lock their desk, not leave it in the car, or forget to use wire locks at the workplace. Thieves know that laptops jammed from the desktop workplaces can be sold to fences for 15% cash. And if employees know a private detective might follow up, they might think twice before faking a “theft”.
4. When the office manager discovers that three laptops are missing from the office, they assume it is the work of a burglar or hacker-based gang of thieves.
A) Yes, 77% of workplace theft belongs to petty criminals.
B) No, in-house theft is about 50% an inside job or related to personnel access.
C) The office manager is right. No employee would take their own computer because it is to much work to catch up.
D) Every computer theft or workplace crimes is in its own separate bubble of cause and effect, motivation and opportunity.
The Best Answer is D.
Every computer theft can be an inside job, a faked excuse to not turn in undone or sloppy work by a deadline, to misdirect attention elsewhere (security staff are sloppy, the office is not secure, etc., etc.). Each theft is a separate case and no assumption can be made.
Employee on employee sabotage can also be a motive for theft. If another employee is competitive with the one missing a computer or one with their system down, they can deliver the data or fulfill their work obligations better. What if Barnes in accounting loses his laptop because he didn’t get their work done? The stonewalling of an employee to cover a missed deadline by disappearing their own computer is not unheard of.
5. An executive director of a 30th floor office puts in an emergency cash request for a new laptop, at a rush. He/She is upset to find that the assistant’s laptop was stolen from a locked desk drawer. The assistant swears they locked the computer inside before they left, but have no witnesses to leaving without it. But the executive director supervises a large staff and needs their assistant to get another computer immediately.
A) The assistant probably took it.
B) The executive may have stolen it.
C) The cleaning people probably found a way into the desk.
D) Thieves got into the office and got it.
Best answer is B.
An executive might need extra cash or want a computer for a kid in college. A disgruntled employee might be stealing resources to set up their own company. Security staff might have their own angle, carrying equipment out under the eyes of people whose paychecks they sign. All of these people may suddenly have new passwords and computer access to places they shouldn’t once a device is stolen.
The executive may be involved since they have facilities access to another key to the desk, have physical access to the assistant’s desk drawer, and unquestioning access to the assistant’s office space at any time. The executive also can be in the office at unscheduled times with additional scrutiny or security walking to his/her car alone. The director is also more embarrassing to accuse, whereas blame might be directed a a lowly staff member such as an assistant and get them fired.
6. The exterior workplace security for your office in case of theft, intrusions, and unauthorized workplace access is “adequate”.
A) No, there are no external cameras at all, nor any security staff onsite watching people walk to cars or exit the building.
B) Without a lobby coordinator, guard, or timed access keycard, employees come and go with guests and unannounced visitors, carrying anything they want, anytime they please.
C) All of these statements apply.
D) Thieves surveying the premises can easily see that only a forced door or smashed window stands between them and a bevy of office equipment, including computer hard drives with passwords and saved Internet activity and cookies.
Best answer is C.
These kinds of small business scenarios make targets out of one person offices or small companies. Small to medium businesses may cut costs and scrimp on security.
The people living close to the business know more about the staff leaving than the people running the business. The blind parking lot permits any kind of theft, especially at late night hours or if a truck or van blocks the visual angle from the curb. Police taking a theft report will goggle at the invitation left out.
7. Security guards will prevent almost all theft except armed theft and pure Internet intrusion and device programming violations.
A) Yes, provided an affordable company is used.
B) Only when rotation of staff and bonded employees are used.
C) Yes, and prevent physical employee theft as well.
D) Yes, especially when long term guards know the employees well.
The best answer is B.
Bonded staff have a record following them around from job to job tracking trustworthiness handling goods and premises for security purposes. Rotation of guard staff prompt guards to ask questions and give employees who cannot be trusted another reason to choose another day to carry out a laptop or hide supplies in a purse or attache case.
8. Employees at your company have never been subjected to physical pat-downs, purse checks, laptop bag or backpack searches, and escorted pointedly out the door without “packing up” for the evening.
A) True.
B) Only police have the authority to search a backpack or purse.
C) Company guidelines and policies stipulate at-will employment which will be terminated if the employee does not submit to a guard or supervisor purse check or backpack search upon demand.
D) Employees consider their work laptop “theirs” and under privacy restriction and not subject to search.
Best answer is C.
Employees should have no reason not to submit to purse and backpack checks or even physical pat-downs by guards if the situation warrants. make sure employees are reminded that laptops are not “theirs”. Employees must know they are subject to termination if they do not willingly submit to this action. Use of a carry-out permit signed by a supervisor can eliminated “misunderstandings”.
9. Document Control procedures at your office are…..
A) Nonexistent.
B) Optional shredders are provided.
C) Networked printing and a closed circuit camera reviewing printing, faxing, filing and shredding activity takes place hourly.
D) People in the office might notice if you print out a novel, but perhaps not.
The best answer is C.
Office workplace printing by employees of non-work related material gets very costly. Employees print shopping, travel, or hobby information and bleed printers dry of ink. Paper refills can be costly and time intensive to refill. A networked central printer lets everyone know their jobs are noticed for frequency, size, and type.
By the time the big contact must be printed out, the employee is furious to discover mountain of unclaimed print jobs and an empty cartridge. But since not every office can afford this level of security and this type of protection, networked programs that log printing activity should be used.
10. The boss knows without talking to anybody who has taken their laptop home that night (for any purpose) and who has not.
A) Yes.
B) No, employees pretty much do whatever they ant.
C) Laptops are supposedly secured for weekends in an officewide policy, usually.
D) The boss has no idea who is using their computer at home and what they are doing with it outside office time.
Best answer is A.
Many workplaces do not exercise adequate laptop security exterior to the actual workplace. this allows employees to get sloppy, forgetful, careless or malicious. Make a policy that all employees leaving for home or leaving the office must text a central email address that they are removing office equipment (such as computer laptops) and for how long (overnight/weekend/lunchtime). This is a facilities priority for asset management.
Make it a further policy that anyone whose laptop is stolen without this notification is responsible for its replacement cost and subject to termination as well. review what reasons people take home their devices and make sure employee know that unnecessarily risk might mean disciplinary procedures (i.e., the employee went clubbing at bar with the laptop bag on him, the employee left the laptop in a car in view in bad area checking out a dive).
Unauthorized computer access after hours should be a termination offense. managers should review acceptable use policies for computers for employees. The IT department can program hourly IP checks to see what computer are being used online and from where. This can substantially reduce theft occurrences, and profile workers who are security risks.
September 17th, 2011 
admin 
