“Despite a strict policy to use BlackBerry devices, it seems obvious that many of our employees are using the iPhone for both work and play without the knowledge of IT. Apple has made it easy for them to connect to our email service and today’s users are savvy enough to figure out how to configure it, and if they’re not, YouTube provides plenty of instruction. How can IT put the genie back in the bottle?”
In 1992, a British bank sent an employee to Singapore to launch and manage its trading operations. The employee engaged in speculative derivatives trading which counted on the Japanese market remaining stable. Unfortunately for him, the Kobe earthquake in 1995 sent the Nikkei into a state of volatility. His risky trades led to $1 billion in losses for the bank.
Employees want IT to link their personal smartphones to email and other corporate resources, but how do you secure devices that house a mix of personal and corporate information? And what happens when those employees quit?
Traditionally security professionals have spent most of their time trying to prevent malicious attacks from outside the company. But what happens when the threat comes from trusted insiders with access to passwords?
“I read about fraud all the time – hackers, online gangs, angry employees, etc. It seems like it’s on the rise. Why is this so hard to detect and how can we prevent fraud in our organization?”
Over the last few months, the PCI Knowledge Base has been doing research on the impact of PCI compliance on fraud and fraud management for the Merchant Risk Council. One of the things we've learned is that, in general, the PCI-mandated controls are most effective at reducing internal fraud due to insider threat.
A number of factors are increasing the challenges of keeping networks secure. One source is additional users of varying types -- including some with multiple roles -- coming onto the network. IT staff finds it must support remote workers, guests, contractors, partners, suppliers -- sometimes even competitors -- on the LAN and yet still protect sensitive corporate assets.
As workers are required to go mobile in order to stay productive, the corporate network has had to go virtual - piggybacking on the infrastructure of the threat-ridden public Internet.
In today's economy, companies are changing fast. If my company makes an acquisition, can I easily create a group of users to manage that integration, give them specific access privileges, and then dissolve that group when the transition has been completed?
The Verizon Business RISK team recently released its "2009 Data Breach Investigations Report" which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and "the predominance of total records lost was attributed to outsiders."
In times of economic crisis people tend to seek the safety and security of the status quo. "Doing what you've always done, and what everyone else is doing, is the most prudent course," goes the thinking.
In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.
"Our IT department has identified a potential issue with shared account usage in our applications. Can we control unauthorized usage or will we need to replace the apps? We want to avoid that cost if at all possible."
Moving into 2009, the number of layoffs and unemployed has multiplied as a result of the falling economy. Corporate data is at risk now more than ever and companies need to be sure they have reliable protection in place.
Recently I have read quite a bit about "insider threats" and the potential for losing customer data. But not everyone is bad, so how can I tell if I need to pay attention to certain employees?
Companies today realize the threats and consequences of data loss and by now most have some sort of data protection in place. But many companies that were rushed into data protection by the fear of losing precious data may have been too quick to throw together a patchwork quilt of security software, which is now proving costly.
My company is increasingly deploying SSL applications and that traffic already represents 40 percent of my network capacity. With this encrypted traffic on the rise, how can I build an effective protection against the loss of sensitive data?
My company is considering purchasing new smartphones for all employees and I am concerned about the implications of what this means for tracking our sensitive data. What are the special challenges of protecting data in an increasingly mobile workforce, and how can I meet my data protection goals?
With government increasingly telling businesses how they need to comply with regulations, I wonder if this means that my data is more secure. At the end of the day, does compliance equal security?