What You Don’t Know Really Can Hurt You

Social engineers wait for naïve, untrained staff to fall into their traps.

September 12, 2011

I was 16 years old when I realized the old cliché, “what you don’t know can’t hurt you” was utterly and unequivocally false.

That’s when a police officer pulled me over for speeding on a new stretch of interstate. While the officer wrote out the ticket, I performed a mental calculation; based on the standard fine of $10 for every mile over the limit, I estimated the fine to be $120.

Pretty steep for my shallow pockets, but he did bust me fair and square.

After the officer handed me the carbon copy of the ticket, I was stunned to read the fine would be $360—triple that of my calculation. Confident the officer had made a grievous mathematical mistake, I disputed his calculations and demanded an explanation.

He calmly informed me of a new law that tripled fines for violations within construction areas. Despite being surrounded by orange barrels and concrete partitions, I protested earnestly that I had no way of knowing about the law and shouldn’t be held accountable.

Suppressing a snicker at my lame argument, the officer slowly leaned forward to meet me at eye level. In a clearly rehearsed manner, he offered this gem of advice: “Son, ignorance is no excuse.”

Had I been aware of the law and the relevant consequences, I likely would have been more aware of my surroundings, kept my speed in check, and moved through the construction zone without incident. So, what I didn’t know really did hurt me.

Without proper security awareness training, most front-line employees at credit unions will be just like my 16-year-old persona: ignorant of the rules, unaware of their surroundings, and oblivious to the consequences.

It’s impractical, imprudent, and quite dangerous to assume regular employees will be able to identify and respond to fraudulent activities without first being educated on how to recognize social engineering techniques.

Fortunately, financial institutions can mitigate their risk exposure from fraud and social engineering in much the same way I mitigated the cost of my speeding ticket: training.

Attending an eight-hour defensive driving class allowed me to get a reduced fine, a less-severe impact to my insurance, and several life lessons that remain ingrained in my memory.

But financial institutions don’t get off as easy. Several years of evidence and comprehensive research around data breach trends prove that financial institutions have too much at stake to wait for an incident to occur before addressing security awareness training.
