G 0.20 Information or products from unreliable sources

Using information, software or equipment that comes from unreliable sources, or whose origin and correctness have not been sufficiently verified, can pose significant dangers. Among other things, this can result in business-relevant information being based on incorrect data, calculations producing incorrect results, or incorrect decisions being made. Likewise, the integrity and availability of IT systems can be impaired.

Examples:

  • A person can be tricked by emails whose origin they have not verified into performing certain actions that may be detrimental to them or others. For example, the email may contain interesting attachments or links that, when clicked, result in malware being installed. The sender address of the email may be forged or imitate that of a (personally) known person.
  • The assumption that a statement is true because “it’s in the newspaper” or “it was broadcast on TV” is not always justified. This can result in false statements being incorporated into institution-critical reports.
  • The reliability of information distributed over the Internet varies widely. If statements are adopted from the Internet without further source verification, this can result in incorrect decisions.
  • If updates or patches from untrustworthy sources are installed, this can have undesired side effects. If the source of software is not verified, there is an increased risk that IT systems will be infected with malicious code.