Silver Bullet for Compliance

December 30, 2006

The rise of lifestyle technologies, such as the ubiquitous iPod, has also given birth to a new type of security threat via the USB port. MP3 players are in reality portable memory devices, which are capable of downloading and storing vast amounts of data from a corporate network – as is every laptop.

So whilst the conscientious employee may be intending to do some work over the weekend, there is nothing to prevent him or her leaving the laptop in a taxi or the local pub by mistake, along with all that valuable data.

Alternatively, what's to stop a disgruntled employee passing information to a competitor? In either case, the threat is huge, whether the potential data lost is a customer database or personnel files, payroll or tax data.

Indeed, companies have a responsibility to protect employee data from the rising threat of ID theft. Some early studies indicate that much ID theft is perpetrated by staff who can access records to set up credit cards or commit other crimes. This is becoming an increasingly serious issue in North America, where more than 20 million instances have already been recorded.

This raises the issue of vicarious liability, whereby an employer is personally and directly responsible for the failure of security systems and incomplete compliance.

However, integrated software tools can deliver increased peace of mind as well as better security compliance. They allow the IT manager to prevent all such activity by remotely assigning access and download rights to user groups, or even individual users if necessary. In this way USB ports can effectively be locked down to prevent unauthorized access by external storage devices whilst remaining available for use by approved peripherals such as mice or printers.

Policy please

Now we come to the issue of policy enforcement, which straddles both camps of security and compliance. Its importance grows daily, in line with the increasing number of compliance challenges facing SMEs.

There is an increasing trend amongst employees to regard office PCs as their personal property. It is uncommon to find a user who does not consider it their right to use the office PC for personal admin, email or MSN messaging and internet surfing.

Whilst many employers are currently happy to overlook this to a certain extent, there are specific dangers associated with these activities if they aren't limited by acceptable usage policies. For instance, it is very easy now for employees to download software direct from the internet, via their office server.

They may be downloading pirated software, viruses, trojans or worms, pornography or other inappropriate materials – all of which can create huge compliance issues for the employer.

Policy is important not only to address security issues such as those examined above, but also to ensure compliance with an increasing range of legal and trade issues.
