|
"The
number-one
channel for
both
malicious
and
inadvertent
leaks of
valuable,
confidential
information
is plain old
email," said
Gary Steele,
CEO of
Proofpoint,
Inc.
A recent
survey that
Proofpoint
conducted
with
Forrester
Consulting
found that
IT directors
and managers
are most
concerned
about
outbound
email
threats,
especially
leakage of
confidential
memos,
valuable
intellectual
property,
and trade
secrets.
Steele added
that there
are also
malicious
leaks.
"A quick
scan of
sites such
as
www.internalmemos.com
will show
dozens of
sensitive
internal
memos from
Fortune 500
companies --
typically
sent by
insiders to
the site's
publisher.
There are
also cases
such as the
recent AOL
insider
theft of
screen names
/ email
addresses."
Stop
careless
security
practices
Jeff
Bowling,
founder and
CEO of
TELXAR,
stressed
that the
best way to
plug data
leakage is
to implement
a good
security
plan, which
should not
only include
the dos and
don'ts for
the internal
network, but
also serve
as a
guidebook
for the
network
administrators.
The plan
should
include the
following
basic, often
overlooked,
policies:
Indicate
access
hours.
Specify
login
credentials
and
rights.
Disable
outside
software.
Consider
internal
auditing
/
intrusion
monitoring
applications.
Lock
down
internal
hardware
components.
Perform
regular
audits
on
security
and
resource.
Disable
USB or
FireWire
ports.
Restrict
mail
size and
/ or
block
all
attachments.
Disallow
use of
camera
devices
within
restricted
/
sensitive
areas.
Define a
tight
policy
on
acceptable
devices
and
their
usage.
Define a
Point of
Contact
policy
for
questions
about
the
network
and its
contents.
Execute
nondisclosure
and
confidentiality
agreements.
Define
chain of
command
and
escalation
procedures.
Ensure
that
managers
as well
as users
understand
the
security
plans
and
policies.
|
