Commonly Employed Threats 247
Dumpster Diving One man’s trash is another man’s treasure, and an attacker may be able
to collect sensitive or important information from wastebaskets and other collection points
and use it to perform an attack. In practice, such information should be shredded, burned,
or otherwise destroyed to avoid it being intercepted by an attacker.
Phishing Phishing uses a legitimate-looking e-mail that entices you to click a link or visit
a website where your information will be collected. This is a common attack and is very
effective, even though this technique has been around for more than a decade and multiple
warnings and advisories have been published, telling users what to look out for.
Although many companies implement technology, administrative policies, and physical
measures to stop social-engineering attacks, prevention still comes down to human beings.
They are in many cases on the front lines, watching for an attack. Measures that can help
defeat technology-related attacks include the following:
Installing a Modern Web Browser As the main portal to the world of the Internet, your
browser must be as safe and secure as possible. Being safe and secure means at least two
things: Use the most current browser, and keep the browser up to date. Additionally, avoid
unnecessary plug-ins and add-ons that clutter the browser and may weaken it. Most modern
web browsers include features that protect against social-engineering attacks like phishing
and bogus websites.
In January 2014, in an effort to reduce support costs and other issues, the website
nursingjobs.com decided to take the unusual step of buying new Chromebooks for their
older users who had legacy software and hardware. The company issued the following
statement:
IE7 users make up 1.22% of our traffic right now, and this will decline as more computers
are upgraded and can use modern browsers. However, we know that some of our clients
are still stuck with IE7 so we decided to make a bold offer, one that initially seemed crazy
to us but now makes a lot of sense.
We are offering to buy a new computer with a modern browser for any of our customers
who are stuck with IE7. We determined that it would cost us more to support a browser from
2006 in 2014 and beyond than it would to help our clients upgrade their legacy hardware.
In addition to the support costs of offloading a browser from 2006, nursingjobs.com is
also avoiding the costs associated with security issues that may arise from the use of an
older and unsupported browser. Although such an option may not be an option for your
company, it shows a unique approach to the problem of legacy equipment.