Curbing the office social
Blogging, and use of social networking websites should also be added to the AUP. With blogging, you’ll need to specify what the business is comfortable allowing employees to discuss. Company intellectual property and confidential information should obviously be restricted from blogs, and the same with social networking sites. As with USB devices, policies should be enforced by products, to truly limit risk.
Mobile devices run increasingly robust applications, carry a great deal of business data and increasingly are a target for malicious code. Enterprises can take precautions to limit the risks of these devices without resorting to an unenforceable outright ban – an example being deployment of encryption for all approved mobile devices that have access to sensitive data. Ensure that the encryption product you choose is proven, transparent and automatic, eliminating user interaction and creating a fully enforceable solution that holds up to stringent compliance requirements.
Employees connect to enterprise resources through both unmanaged networks and unmanaged remote devices, reported Gartner. This can increase productivity, but it can also punch holes in the company's network security. Companies should deploy VPNs to restrict access based on checks of the security of the user’s endpoint. The VPN can be SSL or IPSec, according to the company’s needs. IPSec clients enable increased control and management of the remote access point, which in turn increases protection of corporate assets.
Combined, these four steps result in a formula that will rapidly take most companies a long way towards plugging potential leaks. It’s a long race, but the Winner’s Circle will be much sweeter than crashing out on the track.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.