Thu, Oct 2, 2008 8:03 EDT
Posted by: MJFisher in Best Practices Topic: Applications
Over 70% of security breaches now occur within the company. What steps are you taking to stop data walking out the back door?
There can be no denying that IT security is a priority for organisations of all sizes: anti-spam, anti-virus, firewalls, the list is endless. The common misconception remains, however, that the biggest threats to a business originate outside the corporate network. That is no longer true. Over 70% of security breaches now occur within the company. Whilst perimeter security is essential and well understood, many organisations have still not addressed the very real risks posed by 'internal' security threats.
Data is the lifeblood of any organisation, and the difficulty is that a business cannot afford to keep that data under lock and key. Protection is essential to ensure that only authorised people have access, but organisations do not want to fortify information to the point where it impedes productivity. The reason is simple: the boundaries of today's businesses are less well defined than ever before. Companies need to share data with employees, partners and customers, which means there are now more points of vulnerability in their IT defences than ever before.
This problem is magnified tenfold when you combine this dependence on IT with the astonishing proliferation of low-cost, high-capacity, personally owned 'lifestyle' devices: USB sticks, PDAs, MP3 players, digital cameras and mobile phones. Each of these devices is capable of carrying a business-crippling virus onto the network, or carrying confidential information off it.
When you see an employee copying songs to their iPod, do you see a contented member of staff making the most of the 10,000 tracks it can hold, or do you see your entire network crashing because of the Trojan horse that has just been introduced? When a salesman uses a USB stick to share data with a prospect, is he handing over the latest product spec to maximise his chance of making the sale, or is he passing confidential employee data to a competitor?
Whatever policies govern the treatment of sensitive data, the fact remains that humans make mistakes. Confidential data can never be completely safe, and your network will remain at risk from malware brought in from outside. Organisations therefore need to back their policies with technical controls that minimise the risk.
There are three simple steps that can safeguard an organisation's data from malicious or accidental disclosure and protect the network from external threats such as viruses. They can often be implemented with a single piece of technology:
• First, restrict the use of portable storage devices to only those who have a genuine need
• Second, ensure sensitive data is guarded while in transit by using encryption
• Third, get full visibility of all device connections and data transfers across the network
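The three steps above are what a device-control agent does in practice: parse each device connection, decide whether this user may use this device, insist that any permitted storage device is one of the encrypted ones, and write an audit record either way. The following is an added example and not code from the article; it assumes Linux kernel USB enumeration messages in syslog form, a host-to-logged-in-user session table, and an allow-list keyed by device serial number. The log lines, user names, serial numbers and policy tables are all constructed for illustration.

```python
"""Removable-storage device control over kernel USB log lines.

Added example, not from the original article.  Log lines, host names,
user names, serial numbers and policy tables below are constructed.
"""
import re
from dataclasses import dataclass

# Constructed lines in the shape the Linux USB core and usb-storage driver
# log on enumeration (assumed syslog prefix: "MMM DD HH:MM:SS host kernel:").
SAMPLE_LOG = """\
Oct  2 08:01:12 ws-finance-07 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Oct  2 08:01:12 ws-finance-07 kernel: usb 1-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.00
Oct  2 08:01:12 ws-finance-07 kernel: usb 1-1: SerialNumber: 0C9D92B0A1B2
Oct  2 08:01:13 ws-finance-07 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Oct  2 08:05:40 ws-sales-12 kernel: usb 2-3: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Oct  2 08:05:40 ws-sales-12 kernel: usb 2-3: SerialNumber: 4C530001230731
Oct  2 08:05:41 ws-sales-12 kernel: usb-storage 2-3:1.0: USB Mass Storage device detected
Oct  2 08:09:02 ws-finance-07 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=24.07
Oct  2 08:09:02 ws-finance-07 kernel: usb 1-2: Product: USB Receiver
Oct  2 08:14:30 ws-finance-07 kernel: usb 1-3: New USB device found, idVendor=13fe, idProduct=4200, bcdDevice= 1.00
Oct  2 08:14:30 ws-finance-07 kernel: usb 1-3: SerialNumber: ABCD1234
Oct  2 08:14:31 ws-finance-07 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Step 1: who has a genuine need for which device (user -> device serials).
POLICY = {"alice": {"0C9D92B0A1B2", "ABCD1234"}, "carol": {"4C530001230731"}}
# Step 2: serials of the devices issued with hardware encryption.
ENCRYPTED_DEVICES = {"0C9D92B0A1B2", "4C530001230731"}
# Constructed session table: which user is logged in on which host.
SESSIONS = {"ws-finance-07": "alice", "ws-sales-12": "bob"}

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$")
FOUND_RE = re.compile(r"^usb (?P<port>[\d.-]+): New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL_RE = re.compile(r"^usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE_RE = re.compile(r"^usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


@dataclass
class DeviceEvent:
    ts: str
    host: str
    port: str
    vid: str
    pid: str
    serial: str = ""
    mass_storage: bool = False


@dataclass
class AuditRecord:           # Step 3: one record per connection, allowed or not
    event: DeviceEvent
    user: str
    decision: str            # "allow" or "block"
    reason: str


def parse_events(log_text):
    """Assemble one DeviceEvent per (host, port) from the enumeration lines."""
    pending, events = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.group("ts", "host", "msg")
        if (f := FOUND_RE.match(msg)):
            ev = DeviceEvent(ts, host, f["port"], f["vid"], f["pid"])
            pending[(host, f["port"])] = ev
            events.append(ev)
        elif (s := SERIAL_RE.match(msg)) and (host, s["port"]) in pending:
            pending[(host, s["port"])].serial = s["serial"]
        elif (st := STORAGE_RE.match(msg)) and (host, st["port"]) in pending:
            pending[(host, st["port"])].mass_storage = True
    return events


def evaluate(events, sessions=SESSIONS, policy=POLICY, encrypted=ENCRYPTED_DEVICES):
    """Apply the three steps to each event and return the audit trail."""
    records = []
    for ev in events:
        user = sessions.get(ev.host, "<no session>")
        if not ev.mass_storage:      # keyboards, mice, receivers: not in scope
            rec = AuditRecord(ev, user, "allow", "not a mass-storage device")
        elif ev.serial not in policy.get(user, set()):
            rec = AuditRecord(ev, user, "block", f"{user} has no approved need for serial {ev.serial or '<none>'}")
        elif ev.serial not in encrypted:
            rec = AuditRecord(ev, user, "block", "approved user, but the device is not on the encrypted list")
        else:
            rec = AuditRecord(ev, user, "allow", "approved user and encrypted device")
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in evaluate(parse_events(SAMPLE_LOG)):
        e = r.event
        print(f"{e.ts} {e.host} {r.user} {e.vid}:{e.pid} serial={e.serial or '-'} {r.decision.upper()}: {r.reason}")
```

Run against the constructed log, the finance workstation's encrypted stick is allowed, the sales user's stick is blocked because nobody approved him for it, the wireless receiver passes through untouched, and the second finance stick is blocked even though its user is approved, because it is not one of the encrypted devices. Keying the allow-list on serial number rather than vendor and product IDs matters: an approved user with an identical model bought at the high street gets blocked, which is the whole point of step 2.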
Breaking this down in more detail shows why these steps are crucial, yet manageable. On the first step, restricting access to portable devices, some have championed data stewardship, where only the most senior executives have access to confidential files. But is that really practical? It seems highly unlikely that organisations would find it workable. Few doctors would agree to diagnose a patient without first looking at their medical history, and administration staff could not distribute prescriptions without knowing the patient's details. The key is not to restrict access to data but to ensure that data is only transferred to devices when the staff involved have a