Five Tips to Protect Yourself Against Your Employees

Forget hackers, a company faces a sprawling security threat from the people inside the firewall – its own workers.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 1 of 2)

That mid-level executive who walks out of corporate headquarters with a flash key that holds reams of sensitive data doesn’t feel like a hacker. But when – whoops – he leaves it on the kitchen table, your firewall has been compromised.

And when it’s picked up by his teenage son, who inadvertently downloads it to his hard drive (where it’s sucked up by spyware and sold to operators in Eastern Europe) the affect is worse than many hack attacks.

The scenario may seem farfetched, but similar tales make headlines on a regular basis: the lost laptop, the accidental emailing of personal information. Vast storehouses of sensitive data are released due to employee carelessness (or employee malfeasance). Your expensive firewall is rendered worthless.

Related Articles
Is the Mac Really More Secure than Windows?

Web 2.0 Security: Application Scanners

Spam Bust: The Lessons of Yesmail

Russia's Export To America: Malware

FREE IT Management Newsletters

More and more, companies are coming to a sobering realization: their own staff represents a sprawling security threat. In a recent report, McAfee CTO Christopher Bolin summed it up: “Unfortunately, be it deliberate or accidental, the reality is that today’s workforce is posing a serious security threat to corporations, one with the potential to damage a company’s brand, reputation and even entire business.”

Tightening Your Internal Security

The difficulty of safeguarding against your own employees, of course, is that they are inside the firewall. There’s no way around giving at least some employees at least some access to confidential information.

So what’s a company to do? To address that, Datamation spoke with McAfee executive Vimal Solanki, who noted that tightening up internal security involves two broad concepts: A) Defining security rules and policy (which includes defining exactly where your data resides – and where it shouldn’t reside), and B) Enforcing that policy.

Specifically, Solanki detailed these five points from McAfee’s report on improving internal security:

1) Develop, enforce, and ensure compliance of security policy

Step One is always developing a specifically defined security policy, and the McAfee report found that 84% of companies have done this (which makes you wonder about the remaining 16%).

A big part of this task is deciding who has access to what: the CEO obviously has total access to all documents, with access privileges tightening as you move down the hierarchy. Since even low-level employees need some sensitive data, the policy must define how – precisely, down to the night watchman – this information will be archived and distributed.

2) Safeguard data at every stage

A secure company looks at all channels of how data can leave the perimeter. The channels are divided into three areas, Solanki says: physical, network and application.

• “The physical is, once you have the right policy, you should be able to prevent printing of the document,” he says. “I shouldn’t be able to copy it to a USB drive or my external hard drive.”

• Network: “I shouldn’t be able to transmit this over my wi-fi connection when I’m in Starbucks, or just put it over an http transfer.”

• Application: “Once I have the data, I shouldn’t be able to email it, or put it on an instant messenger. I shouldn’t be able to use my Yahoo or Google personal email to send it out.”

Your protection must travel with your data. Not only should a staffer be policed at work, ‘But I should have the same policy when I’m sitting at a Starbucks,” he says. Ideally, even an employee sitting on a plane who attempts to access his email archive in prohibited ways will be blocked.

Page 1 of 2

1 2
Next Page

Tags: Windows, security, Google, DRM, policy

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.