Friday, 22 January 2010 10:08
administrator
Leaks of confidential data:
a concern for IT security managers
We often hear about thefts of confidential data, and major companies frequently hit the headlines with stories about enormous quantities of confidential customer data being lost or stolen. Depending on the type of data lost, the damage may harm a company's reputation, hit revenues or even lead to exorbitant financial penalties in the form of fines or legal proceedings. Costs can quickly reach millions of euros.
Most of these losses are accidental.
With e-mails containing more than 80% of a company's contact details, it is not surprising that the main concern of businesses is the loss of confidential data via e-mail. 95% of data loss through e-mail is unintentional: someone accidentally selecting the wrong recipient using the e-mail client's automatic search function, for example. Unfortunately, the disclaimer notice about unintended recipients and confidentiality does not reduce the importance the media place on the situation; nor does it not really reduce the legal liability of the company.
Most of these losses are accidental, except that...
Let's face it! If a disgruntled employee or a malicious subcontractor decides to seize the company's confidential information, there is not much you can do to stop them. Data loss for malicious purposes does not happen through e-mail, but through photocopying, USB sticks, burning data to CD/DVD and theft of physical property. No system for preventing data leakage is perfect!" says Jean-Noël Galzain, CEO of Wallix.
|
Last Updated ( Tuesday, 23 February 2010 14:19 )
Read more...
|
Friday, 15 January 2010 17:01
administrator
The company's Achilles heel
remains the IT administrator
According to a survey of 200 IT professionals, IT administrators use their privileged access rights and passwords to seek information outside the strict scope of their responsibility (the contents of employee e-mails, human resources files, payroll information, personal data of third parties, information strategic to the company etc.).
Even if the infrastructure is now relatively secure, few companies have solutions that allow them to control access to the information system effectively at a low cost, and even less to record all the actions taken by IT administrators. This lack of appropriate solutions makes it very difficult if not impossible to maintain control over the IT infrastructure.
System administrators are often required to handle large numbers of passwords on a daily basis, and this information is either stored in their heads, scrawled on Post-It notes, or printed out on a sheet on the desk. The survey also revealed that a third of respondents are confident they would have no problem keeping their access rights if they left the company. Worse still, 28% know of former colleagues in this situation, some of whom even have access to customer files.
|
Last Updated ( Tuesday, 23 February 2010 14:20 )
Read more...
Friday, 08 January 2010 10:39
administrator
In a time of financial crisis, are you protected against data leakage?
Redundancies are common these days, affecting all activity sectors. Employees who are made redundant or leave their company rarely leave empty-handed. This can cause major damage in terms of security and the protection of a company's intellectual property.
Firing IT employees can be extremely expensive and threaten the security and competitiveness of enterprise information. According to a 2009 survey on "Trust, Security & Passwords", about 90% of the administrators questioned in the new technology sector would be willing to disclose secret information about their company if dismissed.
This sensitive data includes passwords, databases, research projects, detailed specifications, financial reports and above all lists of privileged passwords, each one of which is a key giving access to a company's secure networks. Leaks of information like this would give the competition access to strictly confidential reports, such as customer budgets, information sheets, pay slips etc.
Today very few changes are made to access codes for critical servers.
|
Last Updated ( Tuesday, 23 February 2010 14:20 )
Read more...
|
|
|
|
|
|
