« Is This How Our Security Should Be? | Main | Unprotected Databases Too Tempting »

Just trying to finish up the list that I started two blogs ago (the first part is right here).

So, continuing with the list of the top five insider threats and how to avoid them:

4) The information leak -- with the proliferation of hand-helds, MP3s, digital cameras, USB memory sticks, along with the numerous external free email services, that it's often way too easy for an employee to walk off with a heeping helping of your company's customer list. A survey in the UK found that a fourth of all employees admitted to copying data onto mobile devices at least once a week, while 40 percent say they use USB sticks to move data around.

To avoid this, companies can use software to specify what devices can be connected to the corporate network along with what data can be downloaded, as it's not difficult to disable a USB port and remore a CD-ROM drive that's not needed. Workers also need to be educated about company data policy, and the company should also consider blocking access to web based email and data-storage services (I guess you could call that Data Theft as a Service).

5) Outright illegality -- A good reason for an employer to take the necessary precautions to prevent computer abuse at work is that, a company is responsible for everything employees do on the computer network (including illegal activities) unless the employer can prove they took certain precautions. Security experts recommend a 2-pronged approach: One, use monitoring software to keep an eye on employees activity, and two, craft an acceptable computer use policy for all employees and make sure the document is signed by everyone.

That ought to do it. And you'll see none of the steps above simply recommend trusting the employees, but as they say, Trust has to be earned, while pretty much everyone gets internet access.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3246