Cell phones, MP3 players, IPods, Instant Messaging, Hotmail accounts - all have come to be considered 'personal technologies'. Each employee usually has at least one and many all. They also have found their way into the workplace as a 'right to use' without administration, since it is their personal property. While you want to show tolerance for an individual's choices, be aware of the threats this choice can involve as well. Your entire data environment can become at risk. Read on to learn about End Point security and just how possible your data may be to leaving the building next to the top 40 song hits on an IPod.
Background
In the early days of personal computers, data files were transferred either by a dialup link or a floppy disk. Now there are a multitude of options to store and port data - flash drives, internet, email, IM, DVD and on. Many companies are beginning to develop strategies to monitor some of the more obvious methods of data transfer through email. Some are beginning to acknowledge instant messaging as a threat.
In order to have a cohesive defense, all access points need to be effectively controlled or the battle could be lost. What are still being widely overlooked are 'personal lifestyle devices' that are now common among workers (i.e. MP3 players, IPods, cell phones, cameras). Almost every digital device today comes with gigabytes of storage capacity. Files can easily and quickly be uploaded or downloaded with these devices. How many of your sensitive documents can fit onto a two gigabyte device?
Two risks are apparent with these types of unregulated data transfers.
1. Virus, malware, spyware or bots can attach to a file that may be uploaded to your system from one of thesedevices. Recently a digital camera was discovered as the culprit for a rash of infections on corporate data networks. The manufacturer had a disgruntled employee who embedded a virus in the cameras OS. Every time a download or upload of photos took place, the virus proliferated to a new network.
2. Data leakage. Imagine if your customer list or product design specs are resident on an employee's IPod device. Perhaps this is an innocent motive of merely wanting to work on something at home. Maybe it is not. This could also be a clandestine way to port out the data right in front of the company.
In the UK, policy has been implemented that puts all personal media devices at risk of confiscation if suspected of data theft. Are you ready to collect everyone's cell phones, MP3 players, cameras and on for an audit or scan that could take days/weeks? If not, then what alternative measures can you take to alleviate this type of risk?
Actions to Take
The costs of data leakage can vary from loss of market advantage to a PR disaster and damage to your company's reputation. What can you do to deal with this 'pocket theft' type of threat?
* Develop Policy. What is your position on personal use of cell phones, MP3 players etc in the office? What about interfacing with the company workstations (ie music downloads, picture uploads)? What are the consequences if attempted? This needs to be developed and broadcast as employee policy and not IT procedures. Documented attempts at awareness are critical to any enforcement efforts.
* Implement technical constraints. Software solutions are now available to prohibit or allow access to data via selected devices or employees. The solutions can also tell you where you are vulnerable and who is pulling or uploading data and from which device. This type of monitoring is becoming more critical to safeguard your data sets.
Remember if you lock all the doors but one, you are still exposed.
iTheme Techno Blogger by Black Quanta. Theme & Icons by N.Design Studio. Distributed by Free XML Templates