Companies need to pay closer attention to what their employees are doing on their computers, warns Securicom, a specialist IT security company.
“This time we're not talking about the Web sites they are visiting, the stuff they're downloading from the Net or the content they're circulating on e-mail. We're talking about the actions they're taking with the PCs, information and appliances you allow them to have access to while they're at work.
“With so much emphasis on protecting company networks and data against threats from the Net, the threats that can be perpetuated from inside the ranks are often ignored. It's a discouraging fact, but employees are the biggest threat to a company's IT and data security,” says Dries Morris, operations director at Securicom.
“On one hand, there is the risk of employees unwittingly depositing viruses and other malicious content onto company resources by plugging in infected peripheral devices like iPods, cameras and memory cards. But, on the other hand, there are more sinister threats arising from employees' access to information on company systems.
“There are a few endpoint security essentials that companies should have in place to protect assets and information from abuse by employees. A network firewall is just not going to cut it.”
He says that even with a really top-notch firewall at the perimeter, each and every endpoint should also be furnished with its own firewall to protect it against threats that don't originate from the Internet, such as those spread via e-mail or infected disks. A desktop firewall will also stop unsolicited outbound traffic from infected computers, which could lead to infections and security breaches in other computers and external programs.
“The common use of plug-in peripherals such as flash drives, hard drives and other portable devices is undesirable for most businesses. For one, it is a complete and utter waste of company time and resources to have your employees plugging in all manner of peripheral devices, from cameras to flash drives and hard drives. If there is no business need for them to be able to plug in portable devices but they are, you can safely assume that they are using your time and your resources to copy music and movies, and arrange personal photographs while they are at work.
“Aside from affecting productivity, the practice of plugging in personal devices also opens up your computers and systems to viruses and other malicious content. Also remember that these kinds of peripherals can also be used to copy and transfer sensitive and confidential business information from your systems.
“Of course, no company wants to believe that its own employees would steal important customer information or leak sensitive information that could jeopardise the business, but it happens more often than most companies would like to cotton on. Internal fraud is becoming increasingly common. A disgruntled employee with malicious intentions has the potential to cause major damage to your business,” says Morris.
For all of these reasons, Morris advises companies to have measures in place to limit or control the use of peripheral devices on company computers, as well as mechanisms to control which applications and business information certain levels of employees are permitted to access.
“It sounds like a laborious and expensive order, particularly for companies with lots of employees and just as many endpoints distributed all over the country. But, it is possible for companies to tighten the reins on their employees and their access to and use of company resources and information,” says Morris.
He advises companies to consult with IT security specialists before investing in any software.
“Don't rush out and buy anything without first examining closely where the pain-points are and what level of control is actually required. If you need high-end control, you don't want to end up buying various point systems to tackle each issue or office separately. That will just make the whole process complicated and unmanageable.”
Securicom has recently launched a new endpoint security solution, Securicom Managed Endpoint Protection, which integrates essential technologies in one system. These include anti-virus, anti-spyware, desktop firewall, intrusion prevention, device control and application access control. It's offered as a fully managed service and the system is hosted upstream (in-the-cloud) by Securicom. What this means is that even with a large number of computers and servers in a distributed set-up, companies can easily implement and manage security on all endpoints to control viruses and other malicious content, and prevent unauthorised access to company resources and information, abuse of company assets by employees and data theft.
Share
Securicom
Securicom is a specialist IT security management and consulting company offering an end-to-end range of fully-hosted and managed IT security services.
All Securicom's solutions utilise world-leading technologies, which are innovatively packaged together for their individual strengths and combined with Securicom's expertise, to deliver comprehensive protection against known and emerging threats.
Securicom's services include: advanced e-mail content filtering and management (e-Purifier); hosted e-mail archiving and retrieval (MailVault); e-mail branding (e-Branding); vulnerability scanning (Securiscan); perimeter protection (Managed Firewalls); optimised wide area data services (Managed WDS); remote access security (Securicom SSL VPN) and Optimised Remote Access Services; and WebSecure, which inspects, filters and cleans inbound and outbound Web traffic to combat browser-based threats such as bots, phishing, and other malicious active content - this product is only available in Namibia at the moment.
Securicom has offices in Johannesburg, Cape Town, Namibia and London, and offers its services in 10 other African countries.
For more information on Securicom, please visit www.securicom.co.za.
Editorial contacts