Often, weâ€™re our own worst enemy.Â We do things that make us a likely target for blame.Â In other words, weâ€™re on the suspect list.Â We receive the blame when something goes wrong because of our actions or the access we maintain.
The best strategy is to keep yourself and other off of that list.Â First of all, it disrupts the investigation into finding the true source of the problem.Â Second, it causes others to distrust those on the suspect list, even if they’re innocent.Â The best way to prove innocence is to have a clear name from the onset.
Often security professionals and IT managers have access to many systems, applications, or facilities. They believe itâ€™s required because of their position or responsibilities.Â The problem is that having access often puts them automatically on the suspect list.Â Many times Iâ€™ve been accused of involvement when there were network issues.Â â€œWere you running one of your security scans again?â€ is a common question aimed at me just because I have the ability to run scans, not because I necessarily did.
Often, other activities may add us to the â€œsuspect listâ€, such as browsing the Internet, transferring documents from home to work and vice versa, clicking on links in email, or installing freeware or shareware applications on a work computer. While theyâ€™re not always bad activities in and of themselves, these actions do have potentially dangerous consequences.
Here are five things you need to do to keep yourself off of the suspect list:
1. Limit your access.Â This is the concept of least privilege.Â If you donâ€™t need it or donâ€™t use it every day, disable or delete your access to it.
2. Only use administrator privileges when you administer the system.Â If youâ€™re always logged in as an admin, then youâ€™re just asking for trouble.
3. Freeware isnâ€™t always free and shareware may mean you’re sharing more than the program.Â Finding programs on the Internet may save money in the short run, but they occasionally contain hidden malware than can take down your system.
4. Think before you click.Â Be aware of where you go on the Internet.
5. Keep your secrets secret.Â If you allow others to use your login id or badge, then that person is you and youâ€™ll be on the suspect list if something goes wrong. Badges and passwords are like kleenex; itâ€™s not cool to share.
Securityâ€™s objective is to keep people off of the suspect list.Â We know that the great majority of our work force wants to do whatâ€™s right.Â We want to help you.Â Like the police, our objective isnâ€™t to get you into trouble, but to keep you out of trouble.Â Consider what you should do to keep yourself and others off the suspect list.Â It will make your life much easier.