Adult Content and Spyware
One of the greatest information security threats to U.S. enterprises remains workers illicit viewing of adult content on their work-issued PCs and laptops at home, and then unknowingly carrying the spyware programs they contract on such sites back into their companys operations. "Companies are suffering under the weight of adult content as employees are opening enterprises to boatloads of spyware thats capable of stealing information," said Verton, who has also authored several books on IT security.The issue of the internal threat is one of the most biggest challenges facing IT departments because it is becoming easier for people to download information onto mobile devices, send out data via obscure network ports and transfer physical documents into electronic files and images, said the experts. As a result of the insider threat, companies are struggling perhaps more than ever before, said Mark Halligan, principal attorney at the Chicago-based law firm Welsh & Katz, which specializes in intellectual property law. To demonstrate the ease with which people can plug devices into corporate networks that allow them to walk away with gigabits of stolen information, the attorney showed off his wristwatch which featured a USB connector and onboard memory. "This whole concept we have of the security perimeter has disappeared; its more about where your critical data is being protected at any given time," Halligan said. "Companies lack the technical capabilities to ensure that employees, good and bad, can be effectively monitored. IT is the vehicle for distributing these assets and you wont know that youve been fleeced until you get to a trade show and your next big product is already there." While the experts contend that the pressure on enterprises network defenses shows no sign of abating, and in fact may likely increase, they agreed that most companies must begin aggressively distributing and enforcing IT security policies, and holding workers caught breaking the rules more accountable. American Express warns of a phony log-in screen on its site. Click here to read more. When someone is caught circumventing internal procedures, firms should strongly consider terminating those employees to protect themselves and send a message to other workers, they said. On the flip side of the coin, enterprises may consider rewarding workers who openly promote adherence to company guidelines to foster an atmosphere where the rules are respected, rather than resented, said the industry watchers. While workers may not like that their actions are being tracked in the workplace, and that they must hand over some level of privacy on the job to allow for better data protections, the benefits of more pervasive IT systems monitoring outweigh those concerns, the panelists said. "You have to adopt a system where you can trust your workers, but where you frequently verify their identification and intentions," said Verton. "Dont be too concerned that youre going to make people uncomfortable; if you help them understand that their livelihood, and their paychecks, are directly tied to protecting your data, they will get it." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
"The truth is that most businesses really have no confidence regarding where exactly their proprietary data is secure at any time, and its getting harder to differentiate between internal and external threats."