Of security policies, tools, and lack of user training

PCQ Bureau



The number of channels through which information can be stolen has increased considerably, making it ever more difficult to protect. What's required is a combination of technology, security policy, and user training, the last of which makes the first two effective. Unfortunately, a lot of organizations, especially SMEs, don't take the last point seriously enough and end up paying dearly. Let me explain this with a few examples.





People usually resort to bulk mailing when sending wishes during a festival. This is fine so long as the emails are sent via Bcc or mail merge. Unfortunately, users put all the email IDs in the "To" field of their email client and end up sharing those IDs with every recipient, causing a major security risk. Now imagine that someone in your company sends out New Year wishes to his/her address book like this, and some of the recipients in turn forward the mail 'as is' to their own contacts. A small mistake like this starts a chain reaction, with your company's key customer contacts getting shared with the entire world, and possibly your competitors too (because Murphy is always around!).




A school in the Delhi NCR region apparently sent out an email circular to all parents. As a result, all parents got each other's contacts. One of them smartly formed an online group and invited all the others to join so that they could discuss and debate the school's policies and procedures. Now they're in a position to negotiate every time the school raises its fees!



Easy-to-guess email passwords are another old nightmare that most organizations go through even today. A company we know had the accounts of many of its users hacked into because of this. Moreover, the hacker put a 'dot forward' in the users' email settings so that all emails were also forwarded to his own servers. The hacker also used the users' SMTP settings to send out spam. As a result, the company's mail server got blacklisted and they had a hard time getting it whitelisted again.
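A check a mail administrator could run against this kind of tampering, added here as an example and not part of the original article: it parses each user's `.forward` content and reports destinations that leave the organization. The internal domain list, user names and sample file contents are constructed assumptions.

```python
import csv

# Assumption: the organization's own mail domains (hypothetical value).
INTERNAL_DOMAINS = {"example.com"}

def parse_forward(text):
    """Split .forward content into destinations (comma or newline separated)."""
    dests = []
    # csv handles quoted entries such as "|/usr/bin/vacation carol"
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        dests.extend(item.strip() for item in row if item.strip())
    return dests

def classify(dest):
    """Label one destination: pipe, file, include, internal, external or local."""
    if dest.startswith("|"):
        return "pipe"          # mail is handed to a program on delivery
    if dest.startswith("/"):
        return "file"          # mail is appended to a file
    if dest.startswith(":include:"):
        return "include"
    if "@" in dest:
        domain = dest.rsplit("@", 1)[1].strip("> ").lower()
        return "internal" if domain in INTERNAL_DOMAINS else "external"
    return "local"             # plain or backslash-escaped local user

def audit(forwards):
    """Return (user, destination, kind) for entries that need review."""
    findings = []
    for user, text in forwards.items():
        for dest in parse_forward(text):
            kind = classify(dest)
            if kind in ("external", "pipe"):
                findings.append((user, dest, kind))
    return findings

# Constructed sample: user name -> content of that user's .forward file.
SAMPLE = {
    "alice": "\\alice, alice@example.com\n",
    "bob": "\\bob, collector@mail.invalid\n",   # copy kept, copy sent outside
    "carol": "\"|/usr/bin/vacation carol\"\n",
    "dave": "dave@Example.COM\n",
}

if __name__ == "__main__":
    for user, dest, kind in audit(SAMPLE):
        print(f"{user}: {kind} destination {dest}")
```

Entries flagged as `external` are the pattern described above; `pipe` entries are listed because they run a program on every delivered message and deserve the same review.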



Blocking social networking sites or online storage sites doesn't serve any purpose if you leave USB ports open, and vice versa. If the objective is to prevent information from getting stolen, then both have to be done so that information doesn't move out of your network. It's like installing anti-virus software but not keeping it updated with the latest virus signatures.



There are dozens of examples like this one, but without getting into all of them, the long and short of it is to ensure that security policies are enforced to prevent information theft.
