IT managers should look to talk directly with staff in order to avoid costly data loss incidents.
Talking to SC Magazine this week, Colin Williams, networking and security practice leader at Computacenter, said that there is a challenge for 21st century organisations that want to empower their users but struggle to manage corporate information.
Calling it ‘the case of Gmail', Williams said that users can send a document or file from their work email to a webmail service to enable them to work from home and while not acting maliciously, it can pose problems for IT managers with sensitive information put out of their control.
He said: “Webmail is an asset to the end-user but a thorn in the side of the IT manager. You send something to Gmail and work at home and you are clear of data loss prevention (DLP) as you sent it to Gmail. We all do something like that, DLP solutions are all about entry and exit points to stop the user.
“I am no different from the modern user and the endpoint should be secure with encrypted data, but the user will find a way and IT has got to be smarter about stuff going out, even if it is not done with malicious intent. Only a small per cent of people act maliciously, while the vast majority is people trying to do their day job, but organisations have to be smarter to protect themselves.”
He encouraged IT teams to work closer with users saying that they should be given a notification when sensitive data is allowed to be moved, with users told that they will be audited. “Anyone who fits into category x are free to work as normal but will be tracked,” he said.
“In 2011 this will be a huge hobby horse and noise will be made on this to make customers aware, you can spend money on it but it is about getting the end-user to work with the company in a way that helps everybody.”
Research this week by Credant found that of 100 per cent of people who owned at least one USB stick, half could not remember what they had saved on the device and 34 per cent did not know where all their USB devices are at any given time.
Williams commented that there is a major problem with USB sticks being lost, particularly when they are free giveaways, not encrypted and used for work purposes
Commenting, Kevin Bocek, director of product marketing at IronKey, said that there is a problem when staff bring their USB flash drives to work and IT managers do not know what they are used for or where they are.
He said: “It is likely that every IT organisation has a policy but words on paper mean nothing today. According to the Ponemon Institute, only 15 per cent of UK organisations are using encryption to protect data on USB flash drives consistently.
“Everyone in IT needs to stand up and pay attention to the example of A4E. No longer will having a policy, for example USB flash drives should be encrypted and tracked, by allowed as an excuse.”