Are there loopholes in your organization's data security?

In a previous post, I mentioned 26 ways (just the tip of the iceberg, really) in which your users can take sensitive information out of your organization. Some of you already know about these methods and have already taken steps to prevent them through the implementation of Endpoint Security Solutions.

However, as many of you know, users can be very enterprising and creative if they want to get information out of the office, be it for legitimate reasons or not. Here are some key features of Endpoint Security Solutions, together with the methods some employees use to bypass them:

Device Control
Oftentimes, what is good for productivity is exactly what is bad for security. This is especially the case with the proliferation of personal devices users can plug into their Endpoint PCs to extract information. Moreover, transfers are getting even speedier these days with the introduction of USB 3.0 and Thunderbolt, and smart mobile devices can now easily transfer such information anywhere on the internet, almost instantaneously.

By limiting or completely blocking all physical devices from being used, apart from those authorized by the organization (most organizations allow employees to get these devices on "T-Loan" or temporary loan), organizations have greatly limited the ease with which sensitive data can be taken out of the organization.

Even then, there are some loopholes:

1.) Device Control alone does not prevent users from using the internet to send out information. With the speed of the internet these days and how quickly this information can be spread, it can be even more damaging than if the information was taken out through devices.

2.) Users "T-loaning" or loaning company-issued devices (e.g. flash drives or hard disks) usually sign a form to obtain approval from their superiors, stating the purpose of the loan. While this is a deterrent to the uncontrolled outflow of sensitive data, there are weaknesses. For instance, if there is no system such as file tracing in place to record what is really taken out, there is no telling whether the employee is using the flash drive for the purpose he stated in his application.
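
To make the gap in point 2 concrete, here is an added example (not from the original post) that reconciles file-copy records against the T-loan register. The field names, the register format and all sample records are constructed assumptions; a real endpoint agent will log different fields.

```python
import posixpath
from datetime import datetime, timedelta

# Constructed sample data (hypothetical field names): the T-loan register and
# the copy-to-device events an endpoint agent with file tracing would record.
LOANS = [{"serial": "USB-0001", "user": "alice", "start": "2024-03-01",
          "end": "2024-03-05", "approved_dirs": ["/projects/roadshow/"]}]
EVENTS = [
    {"time": "2024-03-02T10:15:00", "user": "alice", "serial": "USB-0001",
     "src": "/projects/roadshow/slides.pptx"},
    {"time": "2024-03-02T10:20:00", "user": "alice", "serial": "USB-0001",
     "src": "/finance/payroll.xlsx"},
    {"time": "2024-03-07T09:00:00", "user": "alice", "serial": "USB-0001",
     "src": "/projects/roadshow/notes.docx"},
    {"time": "2024-03-03T14:00:00", "user": "bob", "serial": "USB-0001",
     "src": "/projects/roadshow/slides.pptx"},
    {"time": "2024-03-03T15:00:00", "user": "carol", "serial": "USB-9999",
     "src": "/hr/reviews.docx"},
]

def check_event(event, loans):
    """Return None if the copy matches an approved loan, else the reason it does not."""
    on_device = [l for l in loans if l["serial"] == event["serial"]]
    if not on_device:
        return "device is not on the loan register"
    mine = [l for l in on_device if l["user"] == event["user"]]
    if not mine:
        return "device used by someone other than the borrower"
    when = datetime.fromisoformat(event["time"])
    active = [l for l in mine
              if datetime.fromisoformat(l["start"]) <= when
              < datetime.fromisoformat(l["end"]) + timedelta(days=1)]
    if not active:
        return "copy made outside the approved loan period"
    src = posixpath.normpath(event["src"])  # collapse ../ before comparing
    if not any(src.startswith(d) for l in active for d in l["approved_dirs"]):
        return "file is outside the purpose stated on the loan form"
    return None

def review(events, loans):
    """List (source path, reason) for every copy that needs follow-up."""
    return [(e["src"], r) for e in events if (r := check_event(e, loans))]

if __name__ == "__main__":
    for src, reason in review(EVENTS, LOANS):
        print(f"{src}: {reason}")
```

Without the copy events there is nothing to compare the loan form against, which is exactly the weakness described in point 2.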

