Comments on: Two In Five Office Workers Steal Sensitive Data http://www.techweekeurope.co.uk/news/news-security/two-in-five-office-workers-steal-sensitive-data-2574 Enhancing business with technology - in association with eweek.com Thu, 09 Feb 2012 17:33:24 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Marc Hocking http://www.techweekeurope.co.uk/news/news-security/two-in-five-office-workers-steal-sensitive-data-2574#comment-350 Marc Hocking Fri, 27 Nov 2009 10:32:34 +0000 http://www.eweekeurope.co.uk/news/news-security/two-in-five-office-workers-steal-sensitive-data-2574#comment-350 The recent stories surrounding data theft reinforce the need for companies to have a sound Information Assurance strategy. This needs to comprise of effective policy which is reinforced by technology. The correct controls need to be in place from the start - trying to put these in place after an employee has been sacked and stolen data is like bolting the barn door after the horse has bolted. Whenever an organisation hires a new employee, there needs to be education about the data policy, and continual reinforcement of this to ensure that employees are updated on any policy changes. Organisations need to make sure that strategies are in place across the entire employee lifecycle, and ensure that these are effectively communicated, so prevent potentially catastrophic data loss. The recent stories surrounding data theft reinforce the need for companies to have a sound Information Assurance strategy. This needs to comprise of effective policy which is reinforced by technology. The correct controls need to be in place from the start – trying to put these in place after an employee has been sacked and stolen data is like bolting the barn door after the horse has bolted. Whenever an organisation hires a new employee, there needs to be education about the data policy, and continual reinforcement of this to ensure that employees are updated on any policy changes. Organisations need to make sure that strategies are in place across the entire employee lifecycle, and ensure that these are effectively communicated, so prevent potentially catastrophic data loss.

]]> By: Stuart Hodkinson, General Manager, Courion http://www.techweekeurope.co.uk/news/news-security/two-in-five-office-workers-steal-sensitive-data-2574#comment-346 Stuart Hodkinson, General Manager, Courion Thu, 26 Nov 2009 09:09:07 +0000 http://www.eweekeurope.co.uk/news/news-security/two-in-five-office-workers-steal-sensitive-data-2574#comment-346 Sadly it comes as little surprise that so many see the threat of employee fraud growing due to the economy. However, the research highlights a concerning issue - full-time employees being seen as the highest risk segment. Full-time employees are often given access privileges to systems when needed, but those privileges are rarely withdrawn when no longer necessary, thus heightening risk and temptation. Even worse, some companies don't govern user accounts and access rights to applications and data at all. They simply give employees carte blanche to access all computer systems whatever their role, rather than ensuring that only the right people have the right access to the right resources. It is important to define and implement policies concerning user access rights to applications and data; create user accounts on various target systems with the appropriate access rights; modify user access rights to accounts over time as required by changing business needs; and disable accounts when users are no longer authorised to access them. Taking it a step further and automating this provisioning makes it even easier to consistently ensure that only authorised users have appropriate access to sensitive data. Sadly it comes as little surprise that so many see the threat of employee fraud growing due to the economy. However, the research highlights a concerning issue – full-time employees being seen as the highest risk segment.

Full-time employees are often given access privileges to systems when needed, but those privileges are rarely withdrawn when no longer necessary, thus heightening risk and temptation. Even worse, some companies don’t govern user accounts and access rights to applications and data at all. They simply give employees carte blanche to access all computer systems whatever their role, rather than ensuring that only the right people have the right access to the right resources.

It is important to define and implement policies concerning user access rights to applications and data; create user accounts on various target systems with the appropriate access rights; modify user access rights to accounts over time as required by changing business needs; and disable accounts when users are no longer authorised to access them. Taking it a step further and automating this provisioning makes it even easier to consistently ensure that only authorised users have appropriate access to sensitive data.

]]>