Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Social Responsibility's Strategic Benefits
December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)
Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.
Working With and Communicating to Your Board of Directors
January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)
CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.
IT's Role in Growing Mid-Market Companies
January 14, 4:00 PM - 5:00 PM ET (GMT-5)
Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
Stop End-Users Before They Click Again on Risky Websites
Educating users won’t prevent them from giving up info to fraudsters. Take them out of the loop.
June 11, 2007 — CIO — You may need to wait a minute for another sucker to be born, but you can find one anytime you want online.
In a recent MIT-Harvard study to determine online gullibility, 36 percent of test subjects logged in to their online bank accounts despite being presented with a strong warning page saying that their bank site’s security certificate was not valid. Not one person noticed when HTTPS, the secure form of HTTP, was stripped away—they offered up their passwords anyway.
Although our instincts tell us that better education might have saved these users from themselves, there is a growing consensus among researchers that education will never stop many people from clicking when they shouldn’t. The problem, says Markus Jakobsson, a security consultant and associate professor of informatics at Indiana University, is one of focus. “When people go online, they are focused on other things besides security,” he says. “They want to pay their bills online or talk to their friends. People don’t pay attention to security clues online.” Even when, as in the MIT-Harvard study, they are reminded to pay attention to warnings.
Meanwhile, the kind of information that lulls victims into a false sense of security is still widely available online. In a 2005 study, Jakobsson was easily able to find the Social Security numbers and mothers’ maiden names of millions of Texans online. “When the e-mail comes with your mother’s maiden name already in there, it’s a lot easier to click,” he says.
So what to do? Some suggest issuing new passwords through small electronic fobs called tokens each time someone logs in to a site, or requiring account holders to verify withdrawals via a cell phone call. But both solutions are costly, complex and potentially inconvenient to customers. The best answer may be to relieve home computer users of responsibility for computer security.
Already, some ISPs are offering security software as part of their subscription pricing, judging that the extra cost is more than balanced out by reducing the risks they face from the pipe-clogging spam and malware. With 2.4 million unsecured broadband connections in the United States today, according to Consumer Reports, it may be time for the IT industry to face that consumers will never close the security gap by themselves. To the extent that end-user companies could be liable for their customers’ inaction, they need to weigh the risk of leaving the responsibility for managing security in the hands of customers who may never do it adequately.
Other stories by Christopher Koch © 2008 CXO Media Inc.
IT Service Management: Metrics That Matter
Operational Excellence Is Key to Maximizing IT Investments
Configuration Assessment: Choosing the Right Solution
Beat your competition to the punch with faster, more cost-effective product lifecycle management.
Service Dependency Mapping
Business Process Utility: Accelerating Change Through Standardization
Constructing Partnerships That Work
Remote Infrastructure Management - What Your Peers are Thinking
The Power of Telepresence
IT Risk Management: Preparing for the Perfect Storm
IT Cost Transparency & Performance Management for Optimizing IT
Into the Wild: Managing Laptops Outside the Office
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Microsoft Confirms Yahoo'S Lu to Run Online Services
Facebook, Google Launch Data Portability Programs to All
Microsoft Confirms Yahoo'S Lu to Run Online Services
I2 Technologies Nixes Merger Agreement with JDA
IBM, Canonical Release 'Microsoft-Free' Virtual Linux Desktop Bundle
SAP Exec: Belt-Tightening to Continue, but Business Better
Mystery Shopper Site Settles with FTC
Server Virtualization: Gartner Predictions Through 2011
Vista SP2: Six Things You Need to Know
Intel, Google Asked to Help Revise EU Data Protection Laws
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
- CIO|
- Computerworld|
- CSO|
- DEMO|
- Game Pro|
- Games.net|
- IDG|
- IDG UK|
- IDG Connect|
- IDG Tech Network |
- IDG World Expo|
- Industry Standard|
- InfoWorld|
- ITworld|
- JavaWorld|
- LinuxWorld|
- MacUser|
- Macworld|
- Network World|
- PC World|
- Playlist|
- CIO UK|
- CIO Germany|
- CIO China|
- CIO Sweden|
- CIO Australia|
- Other CIO Sites
