Know The Enemy Within
by Harnish Patel - SurfControl - Monday, 9 July 2007.
Organisations need a clear and robust acceptable usage policy set up to protect its intellectual property, but it’s essential to back this up with an equally robust security solution capable of filtering and monitoring employee activity.

The right filtering tool will support your company and help to protect its assets against the potential threats posed by the latest technological developments and media trends, without impacting on business operations and productivity.

The latest tools control and block outbound USB data connections as part of a comprehensive user management solution, and can offer granular security and access levels, segmented by user and by PC, to guarantee an optimum balance between network security and business productivity.

Does out of the office = out of control?

The study found that laptop users consistently displayed greater levels of risky behavior – 11% download porn, 34% download music, 20% play games; all greater proportions than for desktop users. This represents a significant threat, and is a frequent gateway through which malware can enter the corporate network.

Greater risk needs greater precautions and protection, and organizations must ensure that all security policies, filtering software and USB controls are as rigorously applied to company laptops as they are to office-based PCs. Naturally, at the same time, it’s also essential that errant laptop users and mobile workers are made aware of Acceptable Usage Policy, and what exactly they can and cannot access over the corporate network.

Security: Whose job is it anyway?

The global security survey also revealed that security updates all too often fall through the gaps, and that there was considerable uncertainty as to whose role it was to implement security checks and updates.

62% of respondents believe the responsibility for IT security lies squarely with the IT department, whereas the bleak reality is that only 35% of IT departments proactively carry out any upgrades to anti-spyware software, leaving the employee and company vulnerable to attack.

In truth – everybody has their part to play. Users must be educated in what constitutes risky and unacceptable behavior through clearly communicated Acceptable Usage Polices.

Implementing effective network security that monitors and prevents risky behaviors is the responsibility of the IT department. The choice of security solutions, and the update policy to manage new threats must be tailored to the needs of the organization and extend out to cover mobile users – clearly a major source of risk.

The latest generation of solutions are making life increasingly easier in this respect. For example opting for a managed service option provides on-demand security for office-based and mobile workers and ensures the very latest updates are all in place, to guarantee optimum security and meet the agreed SLA.

However it is unlikely that a single solution will provide all the protection required and organizations must ensure they have a multi-layered approach – often mixing service and product based solutions that can deliver high-end security functionality for Web, e-mail and mobile storage devices, to mitigate against risk and protect the business - keeping your intellectual property close, and the threats to it even closer.


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th