Companies need to pay closer attention to what their employees are doing on their computers warns Securicom, a specialist IT security company.
“This time we’re not talking about the websites they are visiting, the stuff they’re downloading from the net or the content they’re circulating on email. We’re talking about the actions they’re taking with the PCs, information and appliances you allow them to have access to while they’re at work.
“With so much emphasis on protecting company networks and data against threats from the net, the threats that can be perpetuated from inside the ranks are often ignored. It’s a discouraging fact but, employees are the biggest threat to a company’s IT and data security.
“On one hand there is the risk of employees unwittingly depositing viruses and other malicious content onto company resources by plugging-in infected peripheral devices like iPods, cameras and memory cards. But, on the other hand there are more sinister threats arising from employees’ access to information on company systems.
“There are a few endpoint security essentials that companies should have in place to protect assets and information from abuse by employees. A network firewall is just not going to cut it,” warns Securicom’s operations director, Dries Morris.
He says that even with a really top notch firewall at the perimeter, each and every endpoint should also be furnished with its own firewall to protect it against threats that don’t originate from the internet, such as those spread via email or infected disks. A desktop firewall will also stop unsolicited outbound traffic from infected computers which could lead to infections and security breaches in other computers and external programmes.
“The common use of plug-in peripherals such as flash drives, hard drives and other portable devices is undesirable for most businesses. For one, it is a complete and utter waste of company time and resources to have your employees plugging in all manner of peripheral devices, from cameras to flash drives and hard drives. If there is no business need for them to be able to plug in portable devices but they are, you can safely assume that they are using your time and your resources to copy music and movies, and arrange personal photographs while they are at work.
“Aside from affecting productivity, the practice of plugging in personal devices also opens up your computers and systems to viruses and other malicious content. Also remember that these kinds of peripherals can also be used to copy and transfer sensitive and confidential business information from your systems.
“Of course no company wants to believe that its own employees would steal important customer information or leak sensitive information that could jeopardise the business, but it happens more often than most companies would like to cotton on. Internal fraud is becoming increasingly common. A disgruntled employee with malicious intentions has the potential to cause major damage to your business,” says Morris.
For all of these reasons, Morris advises companies to have measures in place to limit or control the use of peripheral devices on company computers, as well as mechanisms to control which applications and business information certain levels of employees are permitted to access.
“It sounds like a laborious and expensive order, particularly for companies with lots of employees and just as many endpoints distributed all over the country. But, it is possible for companies to tighten the reigns on their employees and their access to and use of company resources and information,” says Morris.
He advises companies to consult with IT security specialists before investing in any software.
“Don’t rush out and buy anything without first examining closely where the pain-points are and what level of control is actually required. If you need high end control, you don’t want to end up buying various point systems to tackle each issue or office separately. That will just make the whole process complicated and unmanageable.”
Dries Morris, Securicom Operations Director
a tool named IP-guard will easily assist on the monitoring of employee computer activities. IP-guard consists of 14modules and is all monitored and managed from a central console. the tool is also licensed modular, where it gives the end-user the flexibility to select the modules required.