One of the reasons security is fun and interesting is that it requires a constant upgrade of your skills and knowledge. Here is a skill that you may not have realised you need, but you need it: Become a master of internet search.
Obviously I'm talking about a lot more than tossing a few words in the Google box and pushing the search button.
I'm talking about understanding how to run very specific searches to find information leaks within your company and outside of it, whether intentional or accidental. Such leaks might come in the form of intentional, outright posting of sensitive information by ex-employees. Or they might be misconfigured or forgotten web applications that weren't supposed to be publicly accessible.
Other searches will help you find websites using your organisation's trademarks for nefarious purposes, or selling counterfeit or gray-market products in your name.
Still, other searches might turn up scraps of information on your own website that reveal information that hackers use to footprint your systems. Overly informative file-not-found error messages, for example.
- How good are you at web search?
- Do you know how to find Excel spreadsheets posted on the web?
- Do you know how to find documents that include key intellectual property phrases?
- Do you know how to winnow broad search results down to just the important ones?
- Do you know how to use Google news alerts and blogging tools to see what's being said about your company?
- Do you know how to find publicly available information as part of an employee background check?
Happily, there is a lot of advice about search on the web. You don't have to take out a student loan and go back to school to learn this skill. CSO
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.