Younger workers and data security

Is there a low-tech solution to high-tech theft prevention?

Ever had to examine one problem from two completely different viewpoints? I got to do that after speaking to the Mystery Writers of America Southwest chapter in a session called "Technology goes bad" on Saturday, then on Tuesday talking to Symantec about protecting data. Saturday I told writers how to help characters steal data, then Tuesday I considered how to stop them.

Even more fun, many of the tools people use to steal data are part of everyday life for younger employees called Millennials. Smart phones, portable music players and social network addiction make for happy Millennials, but sad security officers.

There are almost as many Millennials - born between 1980 and 2000 - as there are Baby Boomers. Call them the Internet Generation, Echo Boomers or whippersnappers, there's a bunch of them now hitting the job market.

Fortune Magazine called the Millennials “the most high-maintenance, but also most high-performing workforce in the history of the world.” And they're driving big companies with strict security guidelines crazy with their demands to use Facebook and Instant Messaging, download any new program they see on the Web, and sneer at anything not Web-enabled.

During the Symantec call, in which the company was updating journalists about efforts to integrate Altiris network management into more Symantec product lines, the problem of Millennials came up. It's one thing to have products that help you stop an employee from copying data to her iPod (and Symantec does), but another to mesh old-line security people with young “let's all share everything and talk about it on MySpace” employees.

Symantec says the small business market is important to them, and it is working to make sure smaller companies can afford more security products. Yet few small businesses will pay even discounted prices to get the level of security management necessary to completely lock down user computers.

So how do you keep a fired employee from copying all your sales contacts right before they leave? One way is to act like the big companies and escort fired employees from the premises immediately. Pay them for two weeks, but send the person home.

This doesn't help if an employee plans to quit rather than gets fired, and copies files before announcing their exit. Then you need a strong endpoint security solution to stop them, or a good logging system to find out what they copied before you call the police.

Some companies disable computer USB ports through the BIOS configuration so users can't copy files to USB drives. However, that won't stop anyone who knows how to re-enable those ports the next time they boot up.

Careful design of your data storage system, along with organized user access rights, can keep employees away from data they shouldn't have. There's really no reason a person in sales should ever see the accounting files, for instance, and that's easy to prevent when setting up user access. Too many small companies rely on Windows peer-to-peer networking to share data, and that's a problem because there is little access control possible. Too many larger small companies use network-attached storage (NAS) devices that rely on Windows workgroup networking protocols and never rethink their user access configuration. (Compare Data Leak Protection products)

The risk of employees stealing is far less (assuming you have at least a mediocre hiring interview process) than the risk of employees helping viruses and spyware get into your network. It's hard to understand why some users still don't believe they need antivirus and antispyware today, but they are out there. If they work in your company, you know who they are because they need help cleaning up their computers all the time. (Compare antispyware and antivirus products)

Even if you do have antivirus and antispyware protection, you can't tempt fate for long and get away with it. That's what the Millennials tend to do as they download new utilities and fun games and new Instant Messaging utilities on their work computer. They tempt fate, you clean up their computers.

When you can't afford all the security your consultant recommends, you can try the long lost art of user education. Explain to your Millennials and everyone else, once again, how viruses get in (e-mail attachments) and spyware gets in (Web sites). Don't click on attachments in e-mail that look the least bit fishy. One friend just told me if he gets an e-mail from someone he knows but wasn't expecting an attachment, he calls and asks them if they really sent that attachment. Paranoid? Perhaps, but his computer is clean.

Security will be a tough battle for years to come. As you grow and can afford more security, remember to upgrade your endpoint protection tools. Then remember that the real endpoint for your network, people, can help protect your network when educated, trusted and monitored.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT