Preventing employees from stealing data has always been important. After all, theft has always been a part of running a business. However, never has there been a greater sense of urgency in protecting sensitive information. Studies show that employee theft has increased significantly since the recession hit the US; some show over 80% of employees admitting they'd steal data if they knew they'd be fired. Generally, it's kind of hard to get people to admit to something like that, which I take it as an indication that things are really bad (as if we needed another corroborating piece of evidence on the state of the economy).
So what can a company do to prevent employee data theft? Well, a company could start by making sure that they're using data protection software like hard disk encryption and file encryption. It's not just about encryption, though. Consider the following:
(There are other security measures as well: unless your company has gone completely digital, I'd imagine you have paper documents with confidential information. What's the use of securing a computer file if you'd allow a printed document to be stolen? Or for it to be Xeroxed?)
Application control means whether software can be installed by the endusers. The current headache for companies is preventing employees from accessing popular Web 2.0 sites like Facebook. However, the installation of unauthorized software has been a long-running problem that is still of concern today. In fact, a lot of the problems that deal with malware and viruses stem from the fact that things can be installed by the enduser. Prevent the installation of any unauthorized software (you'd have to configure a whitelist of allowed software), and you'd put a serious dent on malware-related problems.
In fact, a lot of the problems that deal with malware and viruses stem from the fact that things can be installed by the enduser. Prevent the installation of any unauthorized software (you'd have to configure a whitelist of allowed software), and you'd put a serious dent on malware-related problems.
Data security solutions like hard disk encryption can prevent a thief from accessing the contents of a laptop computer; however, they cannot prevent an employee, who has access to the same laptop, from copying sensitive information to portable media like a USB disk, be it a flashdisk, a high-capacity external drive, or a disk pretending to be a device, like an MP3 player or digital camera. Even file encryption may not be a solution: the employee could have access to the data as part of his duties, so the encryption doesn't provide protection from the employee if he decides to do something untoward. Ultimately, the problem lies in the fact that the employee can access the data. How to allow him to use it, as part of his duties, while preventing him from copying it? (Of course, ultimately it's a moot point. For example, if you can't copy it, you could display a document on the screen and take a picture, page by page if you're really desperate.) A helpful solution could be the use of USB port control software. This allows an administrator to create a whitelist of authorized devices. So, a company-issued USB stick (encrypted, of course) allows the transfer of materials, while a non-authorized one (such as an iPod) would fail to connect.
Ultimately, the problem lies in the fact that the employee can access the data. How to allow him to use it, as part of his duties, while preventing him from copying it? (Of course, ultimately it's a moot point. For example, if you can't copy it, you could display a document on the screen and take a picture, page by page if you're really desperate.)
A helpful solution could be the use of USB port control software. This allows an administrator to create a whitelist of authorized devices. So, a company-issued USB stick (encrypted, of course) allows the transfer of materials, while a non-authorized one (such as an iPod) would fail to connect.
No security measure is complete if you can't follow up on it. That's why security guards doing their rounds jiggle door knobs: are they locked? You have to follow up, and it's no different for data encryption. Based on local laws, your company may need to know if a computer is encrypted; when it was encrypted; when it was last confirmed as being encrypted; who has access to it; etc. In other words, you need a report. Using managed encryption services like AlertBoot may help in this aspect over free-standing encryption products, since there is no way to centralize the data for the latter. Well, there is, but it would mean a person has to go around collecting all that information periodically. There are two downsides to this. One of them is the cost--why have IT personnel do this when a machine could? The other is that at some point, it's going to get annoying, and a person will skip it from time to time. Preventing employee data theft has never been easy. In the past, the use of barriers, such as locked file cabinets and locked doors, and controlling access to these were the main forms of controlling access to data. The new workplace requires new methods of creating those barriers and new ways of controlling data access.
Based on local laws, your company may need to know if a computer is encrypted; when it was encrypted; when it was last confirmed as being encrypted; who has access to it; etc. In other words, you need a report.
Using managed encryption services like AlertBoot may help in this aspect over free-standing encryption products, since there is no way to centralize the data for the latter.
Well, there is, but it would mean a person has to go around collecting all that information periodically. There are two downsides to this. One of them is the cost--why have IT personnel do this when a machine could? The other is that at some point, it's going to get annoying, and a person will skip it from time to time.
Preventing employee data theft has never been easy. In the past, the use of barriers, such as locked file cabinets and locked doors, and controlling access to these were the main forms of controlling access to data. The new workplace requires new methods of creating those barriers and new ways of controlling data access.
The above three should help you make a dent in your information security woes, but remember: you still need the old stuff as well. Keeping doors locked and sensitive files away from unauthorized personnel is, and will always will be, good data security policy.
Pingback from Preventing Employee Data Theft: Encryption As Well As Other Security Measures - AlertBoot Endpoint Security