Streamyx Streamyx Malaysia

Friday, May 2, 2008

That's Not an IPod in the Office Anymore - It is Now a Data Leakage Threat

Cell phones, MP3 players, IPods, Instant Messaging, Hotmail accounts - all have come to be considered 'personal technologies'. Each employee usually has at least one and many all. They also have found their way into the workplace as a 'right to use' without administration, since it is their personal property. While you want to show tolerance for an individual's choices, be aware of the threats this choice can involve as well. Your entire data environment can become at risk. Read on to learn about End Point security and just how possible your data may be to leaving the building next to the top 40 song hits on an IPod.

Background

In the early days of personal computers, data files were transferred either by a dialup link or a floppy disk. Now there are a multitude of options to store and port data - flash drives, internet, email, IM, DVD and on. Many companies are beginning to develop strategies to monitor some of the more obvious methods of data transfer through email. Some are beginning to acknowledge instant messaging as a threat.

In order to have a cohesive defense, all access points need to be effectively controlled or the battle could be lost. What are still being widely overlooked are 'personal lifestyle devices' that are now common among workers (i.e. MP3 players, IPods, cell phones, cameras). Almost every digital device today comes with gigabytes of storage capacity. Files can easily and quickly be uploaded or downloaded with these devices. How many of your sensitive documents can fit onto a two gigabyte device?

Two risks are apparent with these types of unregulated data transfers.

  1. Virus, malware, spyware or bots can attach to a file that may be uploaded to your system from one of thesedevices. Recently a digital camera was discovered as the culprit for a rash of infections on corporate data networks. The manufacturer had a disgruntled employee who embedded a virus in the cameras OS. Every time a download or upload of photos took place, the virus proliferated to a new network.

  2. Data leakage. Imagine if your customer list or product design specs are resident on an employee's IPod device. Perhaps this is an innocent motive of merely wanting to work on something at home. Maybe it is not. This could also be a clandestine way to port out the data right in front of the company.

In the UK, policy has been implemented that puts all personal media devices at risk of confiscation if suspected of data theft. Are you ready to collect everyone's cell phones, MP3 players, cameras and on for an audit or scan that could take days/weeks? If not, then what alternative measures can you take to alleviate this type of risk?

Actions to Take

The costs of data leakage can vary from loss of market advantage to a PR disaster and damage to your company's reputation. What can you do to deal with this 'pocket theft' type of threat?

  • Develop Policy. What is your position on personal use of cell phones, MP3 players etc in the office? What about interfacing with the company workstations (ie music downloads, picture uploads)? What are the consequences if attempted? This needs to be developed and broadcast as employee policy and not IT procedures. Documented attempts at awareness are critical to any enforcement efforts.

  • Implement technical constraints. Software solutions are now available to prohibit or allow access to data via selected devices or employees. The solutions can also tell you where you are vulnerable and who is pulling or uploading data and from which device. This type of monitoring is becoming more critical to safeguard your data sets.

Remember if you lock all the doors but one, you are still exposed.

We work with companies to assure their data and messaging is in compliance and secure. Our solutions are state of the art, quick to implement, cost effective and provide the comfort to know your data is secure. A phone discussion is a great way to assess your environment and what would be the best action plan. Visit our website Enclave Data to learn more.

You have the responsibility to maintain your company's digital environment, with the right tools you can now also have the control to assure compliance and protect your company's assets.

Dan Schutte is the President of http://enclavedata.com specializing in messaging security, content filtering, anti-spam software, email/IM archival and compliance. Visit our http://www.enclavedata.com to read actual Case Studies of how companies have successfully protected their data network and met compliance requirements. Free trials and downloads are available on all of our products to assess the vulnerability of your data environments.

Please feel free to republish our articles, provided a working hyperlink remains to our site

Streamyx
Streamyx Malaysia
Streamyx
Streamyx
Streamyx modem
Streamyx
Streamyx
Streamyx
Streamyx
Streamyx

0 Comments:

Post a Comment

<< Home