Is Your Blog Leaking Trade Secrets?: Page 2

Posted September 7, 2007
By

Jeffrey Vance


(Page 2 of 3)

What Proofpoint has found is the vast majority of employers don’t worry about time wasting. “If H.R. is monitoring an employee’s online behavior, it’s almost always related to data leakage or the theft of confidential information – not time wasting. The productivity concern is a much lower-tier issue. It won’t cost you millions of dollars in shareholder value.”

Data leaks and data theft don’t necessarily involve online behavior, though. When the VA had its big data-leak scandal, it was due to a single IT employee losing a laptop. The probability of similar events occurring rises proportionally to the lowering costs associated with portable storage.

With multi-GB USB drives on the market now – at low price points – VA-sized risks occur each night as your employees leave the building with GBs of information in their pockets.

“External storage and peripherals need to be managed just as carefully as sensitive applications,” said Philippe Honigman COO and president of the U.S. operations for SkyRecon Systems SkyRecon Systems. “Most USB drives are delivered without built-in authentication or encryption, and the majority of organizations are simply ignoring the risks associated with these devices.”

Preventing Data Leaks Requires a Blend of Policy, Training and Technology

The data-leak problem is large and complex enough to paralyze even savvy IT professionals. However, tools are coming to market that can help.

According to experts, the first step is to develop policies and train employees. “One of the things we tell our clients is that if you don’t have policies in place for blogs, wikis, social networks and the like, then you’re leaving yourself at risk,” Young said. He added that it’s very natural for people to talk about work, and that talk often bleeds into blogs. It’s no different from the corner bar or the church social.

“The problem is the Internet is so public,” he said. “I can spend a little time doing research online and get a very good sense of what’s going on inside major corporations.”

Typically, the policy-and-training mantra is a band-aid. IT security vendors use this cliché to plug the holes their technologies can’t. After all, any security posture that relies on end-user behavior is a risky one.

However, since data leaks can so easily spill into the legal arena, especially when it falls into the IP-theft category, the policy-training approach has quantifiable merit in this case. Organizations that place value on their data will be able to seek larger damages when that data is compromised. They will be able to fire careless employees with cause if those employees make public things they shouldn’t. Clear policies and regular training undermine the “I didn’t know” defense when someone is taken to task for leaking sensitive information.

That said, policies and training can only go so far. Technology is necessary, but many of the tools that help stem the data-leak problem aren’t even security tools.


Page 2 of 3

Previous Page
1 2 3
Next Page





0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.