Read more hereQuote:
A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.
Printable View
Read more hereQuote:
A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.
That's a breach of policy in this organization.
You are not allowed to connect any device to any part of the network without the prior permission of the IT department.
Good point Tiger~
That is a reasonably common policy over here, and in more sensitive locations you are not even allowed to bring the devices on site (mobile phones, cameras as well!)
But I do sense a bit of FUD here? OK so I bring said device on site. Don't we have a policy which only allows access on a needs to basis? So, I should not even be able to see sensitive data, unless it is my job.
All this ties in with HR and your recruitment policy as well?
This has actually been a risk since CD/DVD burners and USB drives became common. Also, someone listening to an i-Pod isn't concentrating on their work...............that would actually attract attention in a professional environment, and where it does not they probably haven't anything worth stealing anyway? What is OK for goods inwards isn't the same in finance ;)
Well, its good that your organisation actually has a policy, however does that include USB sticks. I would be willing to bet even if it does you will still have employees connecting there USB sticks.
However lets be honest here, if an employee is out to steal business critical files from a company i don't think they'll be concerned whether or not the company policy allows them to connect an external device or not. :D
Plus even if they were caught, what is the punishment for a breach of policy. For example to install anything on my work PC i need IT to do it because of restrictions, not an uncommon policy and actually quite sensible, however for some reason Firefox installed fine for me, so i never bothered telling IT. Yesterday an IT technician came down and said he noticed Firefox while doing an 'update' the other day. I said that yes i had installed it myself and he said 'thats cool, just thought i'd remind you the policy prohibits this, but don't worry'
I wonder, how would a company proove they had stuff stolen by user X. Surely to proove that they would need to log, which user performed the search AND copied the files to an external drive, is that something that is generally logged?
EDIT: He he posting at the same time nihil.
Actually you make a good point that i forgot, the company that i currently work for does only give users access to folders that there manager identified they need access to, however i know that my last company just gave you full access!!! :eek:
Plus although that helps, it doesn't stop the user copying sensitive work that they are working on...
If I walk around any of my facilities and find a device, any device - thumb drives included, I will know whether the user is authorized because my staff are directed to forward all requests to me. If they aren't authorised I will look on the device to see what is there - I have the right to, per policy since they attached it to the work computer - and the policy states that breaches of policy may result in disciplinary action up to and including termination.
Can they sneak it by me... Maybe, but most users don't have the rights to allow the thumb drive to be installed so it's not a huge issue.
IIRC there's a GPO on windows that can be used to prevent access to USB mass storage devices...
We had this discussion at work (more than once) and we considered specifically implementing policies to stop thumb drives etc. We came to the conclusion that they posed no more of a risk for malware entry than floppy disks and no greater a risk to loss of data than existing CDRW drives or pen and paper even. Anyone who is going to steal data will almost certainly have legitimate business access to it anyway and they could print it and walk out with it under their arm.
Removal of personal or protectively marked materials is covered under all circumstances by other policies.
We considered this to be a people problem rather than a technological problem.
A lot of these reports seem to be FUD released by companies selling solutions to that particular 'problem'.
No. I asked the same question when this first came up.Quote:
ShippMA - I wonder, how would a company proove they had stuff stolen by user X. Surely to proove that they would need to log, which user performed the search AND copied the files to an external drive, is that something that is generally logged?
Hey Aspman , I just love the Official Secrets Acts..................legislation with teeth :D not like this namby pamby "Homeland Insecurity" or "Data Protection" crap?
;)
Well, I've never worked at an IT company before but why not just glue the USB ports shut and make someone who needs to use the USB port go to an administrator computer and send whatever data they need to their computer. :)
But really, this seems like a one step foward two steps back kinda thing. The more advanced technology gets, the easier it becomes for people to do malicious things with them...
This is going to be difficult..... Please note that a lot of the newer keyboards/mice are usb only.. It's kind of hard to connect a keyboard when the ports are glued shut.. Gluing the keyboard isn't an option either.. We all know that users, keyboards and coffee don't mix ;)Quote:
Originally posted here by Raion
Well, I've never worked at an IT company before but why not just glue the USB ports shut and make someone who needs to use the USB port go to an administrator computer and send whatever data they need to their computer. :)