By Carl Blackett, ICT Security Architect, Norfolk County Council
All organisations have processes and procedures in place to deal with this type of incident (some more mature than others) occasionally people can get it wrong leading to some headline making data breaches or website defacements. We live in an age where the threat of attack is so well known it features in news articles and television ‘specials’ so is it beneficial to IT departments to have users with such heightened awareness?
Put simply, yes this is always beneficial. Anything that stops a person from clicking an attachment because they think they may get to view something scandalous or that internal document they are meant to see can only be good. What these processes and procedures need is a second level of checking by IT staff from the corporate help-desk to the desktop support engineer to ensure when the ‘panic button’ is pressed it is done for the right reason.
Sometimes, taking a ‘step back and pause’ before pressing the ‘panic button’ can be the best policy.
Case in point is a recent ‘hacking attempt’ or ‘virus’. A person was experiencing some strange behaviour from their PC during routine daily tasks. These tasks are performed regularly and the process is easy to follow involving nothing more than coping and pasting between documents and spreadsheets.
Suddenly there was some unusual activity noticed, the word documents began to ‘fill themselves in’… Random words were appearing which the end user was not typing. Which virus was this? Who was remotely accessing their PC? These 2 questions prompted an immediate call to the service desk. When the words ‘virus’ and ‘hacking’ are used by end users people start to reach for the panic button.
A quick conversation with the person in question established a few extra facts. The previous work involved copying and pasting between documents and during this “A strange microphone icon was present which had not been seen before”…
Now, all windows users are aware of keyboard shortcuts, CTRL + C for copy and CTRL + V for paste. What if the user has accidentally pressed the ‘windows’ key + V instead of CTRL? This activates the microphone and I think you can see where this is leading.
A simple case of switching the microphone off resolved this ‘virus’ or ‘hacking attempt’ and allowed the user to continue their work, but without the ‘step back and pause’ the outcome could have resulted in a waste of resource to investigate and rebuild PC, not to mention the inconvenience to the user when they would have no doubt been asked to change all passwords “Just in case”.
Sometimes a little more conversation can result in the same resolution to an issue without the need to spend precious cash and resource investigating.