Five Tips to Protect Yourself Against Your Employees: Page 2

(Page 2 of 2)

3) Access control and monitoring

Okay, you’ve got your policy, but is it being followed? “More importantly, there are industry regulations that require you to demonstrate compliance,” Solanki says. An airtight security infrastructure will block access, and it will also record the user, the time, and attach the document that he or she is trying to print.

Related Articles
Is the Mac Really More Secure than Windows?

Web 2.0 Security: Application Scanners

Spam Bust: The Lessons of Yesmail

Russia's Export To America: Malware

FREE IT Management Newsletters

Solanki describes this process with a tone of satisfaction right out of an episode of TV show CSI: “forensic evidence.”

This policy can be tighter still for employees who management identify as “at risk,” or who are about to leave the company. For these workers, some companies set up a system that records every single contact this individual has with sensitive data. “It can be done in a quiet mode, or in a more visible way that prevents the employee from doing it, and it pops up a screen,” he says.

4) Monitor and prevent installation and usage of unauthorized applications

“One of the biggest threats is that when I go to visit a seemingly innocent Web site, behind the scenes a keylogger is being installed on my laptop – that is the No. 1 issue today,” Solanki says. This keylogger allows a hacker to perpetrate identity theft by stealing all of an individual’s passwords.

“The identity theft business has gotten so sophisticated that if I wanted to rent a botnet – an army of infected machines – I can do that for a dollar a day per PC,” Solanki says.

Safeguarding against authorized apps includes building a tough line of defense on the front lines: all your workers’ PCs must have tough anti-virus and anti-spyware, and ironclad technologies to prevent the installation of a botnet app.

5) Educate and train your staff

Companies have wide latitude in terms of how they enlist their workers in security efforts. The stringency of these effort can range from a pop-up that informs users they’re breaking company policy (which Solanki notes that many users ignore) to iron-wall pop-ups that block action.

To be sure, staff training is urgently needed in battling security threats. For example, many security administrators were aghast that employees kept opening emails whose subject line was “I Love You” – long after it was identified as part of a massive virus attack. Clearly, employees represent a loose link – maybe the loose link – in the security chain.


Page 2 of 2

Previous Page
1 2
 



Tags: Windows, security, Google, DRM, policy


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.