Think your data is secure?

Home » News » Newsletter back issues » Issue 2 January 2009 » Think your data is secure?

Think your data is secure? Think again!

laptop in chainsEver considered how easy it would be for a member of staff to copy all of your corporate data to a device and remove it? If it’s something that you hadn’t considered before, then it might be time because it’s easier than you think.

Floppy drives and CDRWs used to be the only worry, but the threat is ever growing. Endpoint security is a hot topic in the IT industry with most employers being worried about staff breaking away and starting on their own, but employers need to safeguard their valuable data to avoid it leaving the business unauthorised.

Unfortunately, many businesses are unaware of or ignore the threat until something actually happens. While most companies have anti-virus software, firewalls, email and web content security to protect against external threats, few realize how easy it is for an employee to copy huge amounts of sensitive data onto an iPod or USB stick. There is also a risk of viruses or malware and illegal software being introduced onto networks when external devices are introduced.

So today, if a disgruntled or malicious employee wanted to steal all of his (or her) employer’s data, then how would they go about it?

  • USB Devices
    e.g. USB Pens, USB Disks, Cameras, Phones, IPOD’s, Blackberry’s, mobile phones, smart phones.
    Just plug them in and copy away, you don’t really need to be that clever to take data using one of these devices and size is not a limitation; some of these devices can eat up terabytes…

    How do I stop this?
    By disabling USB/Floppy/CD/DVD drives you can stop the threat. A lot of software exists that is clever enough to allow things like keyboards and mice to work but blocking anything which has the capability to remove data.

  • Desktop Control Software
    e.g. Gotomypc, logmein, VNC.
    This software is designed to allow people to remote control their PC from anywhere in the world which is a great advantage in the right hands. However, in the wrong hands staff with ill intent can load this onto their PCs and access their systems with out any know-how or permission.
    And, more worryingly, Staff don’t even have to be in the office to cause such a problem. Instead of trying to steal corporate data while they are in the office, they could install this free software onto their PC and then access it when they get home. Whilst no one is around in work to see what they are doing, the rogue staff member could simply connect up and transfer all of the corporate data across the Internet at night.

    How do I stop this?
    There are a few measures to stop this kind of threat: Use a firewall/internet access system to block the above sites before the employee accesses them. Record internet access so that you can keep a record of where your staff are going and what they are doing.
    Lockdown your PCs to make sure your members of staff have ‘permission-based access’ to their PCs – i.e. only give them enough rights on their PCs to do their jobs effectively – avoid full admin rights wherever possible.

Contact Circle IT today on 0870 428 3582 to find out about our Security & Strategic IT Audits.