It is interesting to read about some of the dangerous day-to-day information practices employees take part in that can lead to security breaches. With email, for example, forwarding, auto-reply, HTML email, and instant messaging can all cause problems for a corporate system. Forwarded email can contain viruses and clog up the system. Auto-reply sends replies to anyone and everyone, which can help spammers verify email addresses. HTML email can hide the use of malicious offsite applications, and instant messaging systems are often insecure. Employees must also be careful about how they share information. Hidden Excel columns can easily be unhidden to reveal confidential information. Peer-to-peer networks can be used to unknowingly download viruses, and free downloads can pose security hazards. Employees should not allow others to use their computers or information devices, and public wireless networks should be used with care, personal firewalls, password protection and encryption. Employees must know that all of these are unacceptable uses of the network. Without training or distribution of this information, employees don’t know that these practices can pose a risk to the network.
Since knowledge is the key to fighting these types of security threats, I decided to find out what the most recent email hoaxes have been. Sophos has a list of the most recent as well as the most prevalent hoaxes. Principles and Practices of Information Security by Volonino names the jdbgmgr (or Teddy Bear Virus) hoax as one of the most common hoaxes. The site still shows this hoax to be the 8th most prevalent hoax. It is interesting to see that this hoax is still so prevalent after a few years. And I know that I have gotten the Visa and MasterCard telephone credit card scam chain letter a few times. Some of these have been from friends or family.
Over the past few years, I have become increasingly skeptical about any email I get that looks like a chain letter. Every time I get one of these letters, I check it online to see whether it is real or a hoax. About.com has a hoax encyclopedia that is very useful, and usually if you take the email subject and Google it, you can get some great information. I guess what I’m trying to say is that the best defense against these kinds of scams is skepticism.
