Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Securing against insider threats

InfoSecurity Europe : 01 April, 2009  (Special Report)
Sacha Chahrvin of DeviceLock explains the extent of insider threats to data security and how to mitigate against them
See our events guide listing for more details

The demands of the modern workforce are changing rapidly. It's now a mobile business world, laptops now outsell desktops, wireless is outpacing wired and your average smartphone can do almost anything.

Not so long ago - when businesses were solely run out of an office - it was easy for employers to keep track of their staff and know that everything from the stationary to their confidential information was kept under one roof.

Nowadays, staff can work wirelessly and remotely, business is global and employees expect to work with a myriad of different appliances and gadgets - many of which are capable of storing anything from customer databases to family albums.

The trouble with all this mobility is that it's not secure. The standard anti-virus and network access control is not enough nowadays. Mobility, in all its weird and wonderful forms, jeopardises business security - and it's a growing problem.

Recent research has revealed that UK companies trail behind those in Germany and the US in the implementation of policies to prevent data leakage. It also showed that UK end users are less likely to know what type of information is confidential and rarely receive training on data policies.

There is a growing concern that IT networks are becoming too vulnerable to threat from the very thing that they are trying to incorporate - the remote device. The proliferation of iPods, smartphones, PDAs and USB sticks mean that most employees now have personal devices that can store huge amounts of data.

A survey of more than 1,000 UK workers found that 60 per cent admitted to theft of confidential documents, customer databases, business contacts or sales leads. So how do IT managers start to manage the security threats that are raised from these devices?

Pinpointing areas in the business where mobile storage devices are used regularly is important, this means that you can focus your plan of action accordingly.

Data loss is either on purpose or by accident, so there needs to be a concerted effort, through training and seminars, to convey the importance of data protection and the legal implications of data theft.

Restricting who can access what information can help to control the movement of important data. The easier data is to copy, the harder it is to control, so making sure that the right levels of access are being granted to the right people is important - encrypting data on mobile devices is also a useful measure.

In the US, many companies do not allow staff to enter the workplace with personal devices that have storage capacity. This is becoming an increasingly common business practice, but it's not failsafe. Investment in technical controls in order to monitor and prevent data being copied and printed without a trace should be the key ingredient of the strategy in managing the threat of data loss.

Endpoint data security enables businesses to allow staff to carry sensitive data in laptops and USB sticks without making data access inflexible and protracted. And this is the balance that IT departments are looking for. The workforce demands easily accessible data at the touch of a button, and the IT department would ideally like sensitive data to be totally secure - which would be impractical for modern working. Additional password authentication will help control who accesses certain systems, and endpoint security software can secure the company's hardware from theft, or malicious attack through a USB port.

It is not necessarily a struggle for IT security to keep up with all these gadgets and devices, but it is a struggle for them to keep up with how we choose to use those items. Educating employees to try and alter their habits is vital as long as it coincides with the implementation of user friendly security measures such as endpoint security, two-factor password authentication or even James Bond style tracking technology for the most forgetful!

DeviceLock UK is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th - 30th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo