March 8, 2008

Hijack this

Despite their role as the last gatekeeper of IT security, many employees lack training and understanding.
In the late 1960s, Warren Moore was a young man working in the IT department at apparel giant Genesco. As a prank, Moore rewrote some code for the company's IBM mainframe to allow him to send anonymous messages to co-workers. But his joke inadvertently resulted in his message being inserted into a sales forecast report, which was about to be presented by a Genesco vice president.
As Symantec CEO John Thompson puts it, a lock is useless if you don't lock it. He and others suggest that companies get appropriate policies and training programs in place, rather than simply relying on software.
"Luckily, they didn't fire me," said Moore, who now serves as an information security consultant for Convergys. "I kept my job, but it got me thinking about computer security, and it got Genesco thinking about it too. They offered all their employees a program on the dos and don'ts of working with computers."
Genesco was ahead of its time in offering information-security training to its rank-and-file workers. And even today, security experts say very little is being done to educate employees on antivirus techniques and company policies relating to information security.
"People are the weakest link," said Chris Pick, vice president of market strategy at security and systems-management company NetIQ and co-founder of, an educational and informational Web site now operated by the Information Systems Security Association, or. "Education is the first line of defense."
But apparently not many companies are following that playbook. And of those companies that had, only 15 percent had provided such training in the previous six months. seems to be aware of the problem too. PC users are frequently pinpointed as the weakest link in the security chain.
Nearly one in 10 developers thought security solutions were too complex for the average user. The lack of an informed work force can be costly for a company, since technology can only go so far in protecting a network, security experts said.
What you don't know can hurt you
"Unfortunately, people are still not thinking before opening an (e-mail) attachment. Such acts can paralyze an organization. And in some cases, virus outbreaks have led to companies shutting down e-mail systems, as a costly but preventative measure.
Health Insurance Portability and Accountability Act, and financial reporting measures, such as the, are also raising the stakes for corporations. As a result of these regulations, companies need to keep their customers' information, as well as their financial reporting material, under tight security.
Companies are increasingly becoming aware of the problems security breaches and viruses can bring, but few are devoting dollars to educating the work force - the last gatekeepers. For those who have yet to undergo training, here's some basic advice on how to keep your computer and your company secure:
Passwords: Change passwords frequently, choosing unusual words, numbers or a combination of both. For example, deliberately misspell words, substitute numbers for vowels, do a combination of both, or remember the first letter of every word in a sentence. Vanity passwords, similar to vanity license plates, can also be effective.
Attachments: Beware the unsolicited e-mail attachment, even if it comes from an e-mail address you know (some viruses can hijack addresses). Reply to the sender and ask if he or she did indeed mean to send the attachment.
Read e-mail messages in plain text rather than HTML, especially when using Outlook 2003 or Outlook Express.
Be suspicious of any e-mail that tries to lure you to a Web site and have you enter personal data. This tactic - called phishing - is used for identity theft.
Browser: Use a utility that prevents pop-ups from opening and installing malicious code on your computer.
Before you crack open that laptop and begin entering sensitive data or reviewing confidential information, be aware of who is sitting behind or beside you. It may be better to sleep during that plane trip, rather than unwittingly sharing sensitive information with strangers.
Avoid leaving your computer on and unattended. You never know who might pass by and access your information and the corporate network.
Take the time to install patches and updates. If you don't, you may wind up spending a lot more time cleaning up the havoc wrought by viruses and the like.
Physical security: Be aware of anyone trying to enter your company's premises without proper identification. Employees need to be vigilant about providing additional eyes and ears for the company.
Who's who: Learn whom you should contact to inform the company of breaches in both physical and network security.
"Ten (percent) to 20 percent of large enterprises have something in house already. And when we ask about their program, it's not a security awareness program at all. All they're doing is posting their security policy on their Web site and calling it training. I'm guessing, at most, maybe 5 percent of those companies are going out and actually training employees," said Kathleen Coe, Symantec's education services director.
., chief executive of security software provider Symantec, has been a longtime advocate of companies developing corporate policies on security issues. He notes that technology alone can't keep companies secure. "A case in point: There is a technology, a simple technology associated with securing your house, it's called a lock.
Thompson said that given a fixed budget, companies should first invest in a corporate security policy and staff training, before purchasing security products.
Historically, companies have viewed the issue of security and antivirus protection as a problem for their IT departments. And employees at these companies have held a similar view, said IT managers and security officers. But the tide seems to be turning, even among employees.
"Now they're taking ownership of the data and making sure it's secure, rather than just saying it's the IT department's problem."
Breth noted the new privacy regulations are helping to drive the increase in employee awareness and participation. Westfield's chief executive has also brought up the issue of IT security during the past two companywide meetings, and that has helped set the tone for visibility. Westfield is also supplying its employees with frequent security and antivirus tips that go beyond avoiding unsolicited e-mail attachments.
"The big problem with educating employees on security issues is being able to track whether you're getting through to people," Moore lamented. "Everyone knows about viruses, for example, but half the people don't have antivirus software. They're the ones who become the (spam) zombies and infect the entire human race."
