Securing Against Internal Data TheftSecuring Against Internal Data Theft

Significant amounts of time, resources and effort are put into securing the network perimeter; however this leaves a "soft" network center which is an attractive target for internal hackers and thieves. There is no better example of an internal security nightmare than the Wikileaks "Cablegate" affair, where a lowly clerk in the US Department of Defense is thought to be responsible for the electronic theft of over 250,000 secret, confidential and certainly sensitive diplomatic cables from US Embassies all over the world.

Protecting company information and data involves more than establishing secure firewalls and security at the gateway. Security is a state of mind rather than a piece of hardware or a complicated software solution. Every company should reassess what the risk to company data is, and the potential threats they face.

Internal threats come in the form of company staff, contractors with access to the network and opportunistic thieves. The threat is intensified because modern memory storage devices can hold immense amounts of data, but at the same time, downloading information is extremely fast. It will take seconds for an USB stick to be attached to a desktop PC and download company financials, projections, market estimates, opportunity and risk analysis, payroll data, email archive or your entire customer database.

Mobile storage devices are not restricted to USB sticks either; Smartphones have storage capability, a USB storage device may be part of something as simple as a wristwatch and even an iPod can be used to steal data off the network.

The issue becomes how do you control use of mobile storage devices and the practical answer is that you cannot, at least, not effectively. There will always be instances where staff productivity requires they be allowed to use USB sticks to transfer information and carry files and company information, so how do you secure your data against an internal threat?

The solution is to implement policies for staff and external parties to follow when using your network and accessing your data. Mobile storage devices can be restricted, and there are IT solutions to manage their use, however even with a highly secure network, there will always be security holes which can be exploited.

There should be strict access policies so that data is only available to those who actually have a real need. As one commentator has put it with the Wikileaks saga, sharing "secret" information with 3 million users means they were never secrets to begin with. Where and how you store your information is also an issue; the US government agencies involved, notably the US Departments of State, Homeland Security and Defense, were trying to "share" information to avoid missing out on opportunities to capitalize on intelligence assets. The unintended, but foreseeable consequence was that sensitive information which many of the millions of users (over 3 million) had no need to access in any situation.

The Cablegate case also demonstrates how data needs to be properly classified as well as managed. One criticism of the US government's handling of the security exploit is that so much of the information was classified as confidential or secret, when in fact it was nothing of the kind. Restricting information for the sake of it may have political and civic issues, but another viewpoint is that information was not appreciated for what it actually was. When you classify all data as sensitive, it becomes easy for people to take security for granted when you are protecting the names of the company bowling team or the birthday list for employees.
by L.J.T. Reaves
References and Bibliography
Lawrence Reaves - Richmond IT services such as Richmond network security and Richmond cloud computing. For these services, Lawrence recommends PLANIT Technology Group, a Citrix technology partner. PLANIT Technology Group can be found online at: http://www.PLANITTech.com
Rated:NR/0 Votes
1 Views
Add To My Article Reading List
Add To My Article Reading List
Print Article
Print
More Article By L.J.T. Reaves
More Article by L.J.T. Reaves
Share
More Articles From Security
More Articles From Security
Related Articles and Readings
Internet Security and Personal Data Theft Prevention By: Mark Berger
Who CAN you trust? With the Internet expanding at an alarming rate, there are some places on the web that resemble a dark back alley: an area you simply wouldn't tread for fear of personal safety and security. But it's hard to tell when you should be aware of your ...
How to Secure Your Data in the Office Network By: Simona Rusnakova
The data of any company is essentially the infrastructure on which all the organizational activities rest Information is the key to any operation in the commercial world and this makes it an extremely valuable ...
UPS Delivers the Goods Your Identity By: Lance Winslow
Well now we add CitiGroup and UPS to the Identity Theft corporations who have allowed Americans identity to be lost. Each time we have another identity theft case, we find larger and large numbers being lost. We have hear of some of them; Petco, choice Point, LexisNexis and the Citigroup, ...
The Federal Trade Commission Overview for Fiscal Year 2007 By: Lance Winslow
In the FY 2007 Budget Request for the United States Justice Departments Federal Trade Commission; the FTC put forth several examples of their achievements to protect the consumer. In the report to congress and the over view that followed the Federal Trade Commission stated that it had been working to ...
Protecting Consumers In the HighTech Environment at the FTC By: Lance Winslow
The Federal Trade Commission in a recent report to congress to justify their budget request for FY 2007 stated that they had taken the lead in protecting consumers from identity theft. When in fact all they have done is fine the ever-living crap out of the corporations who were victims ...
The information provided in this article and/or the comments is the sole responsibility of their respective authors and does not necessarily reflect the opinion of ezinepost.com. ezinepost.com  does not endorse any article and/or comments published by our web users unless otherwise noted. 

Member Panel

login to submit articles and more

StatisticsEZINEPOST.COM

  • » Active Categories: 419
  • » Active Articles:252603
  • » Active Authors:31917
  • » Active Members: 38237
  • » Statistics Updated:
    - Tue Sep 1st, 2020 09:28AM EST