Companies Place Responsibility on Employees
In the wake of huge increases in lost and stolen personal computers which contain personal private information of customers and employees, companies are updating policies concerning the use of laptop computers. The new rules include limiting who can remove data from the workplace as well as specialized training.
Information Security Education, LLC was conceived to help in this area. Having trained college students in the area of information security, I discovered that companies both large and small were not following even the most basic rules of data protection. It is heartening that some large organizations are beginning to pursue stiff policies.
Should employees be found in violation of the new policies, they will be disciplined up to and including termination of employment. I believe in a no tolerance policy and would recommend dismissal on the first offense. An employee who shows a reckless attitude toward sensitive data will show a callous disregard for other rules.
Some health care providers are even reconsidering the use of Palm Pilots and BlackBerrys. The companies are prohibiting employees from uploading and downloading data from the employer’s network. This is a first step, but companies should consider disabling USB ports on computers and even prohibitions on MP3 players in the workplace.
A single USB drive can store up to 2 gigabytes of information. The tiny “thumb” drive can be concealed in a pocket without detection. It only takes seconds to download files to the devices and out the door they go. Companies of all sizes need to be very careful about the way data is handled.
Companies should consider encryption of any sensitive data and require a connection to the owner’s network to decode any of the data. The process will require some costs and perhaps slow the process, but the value gained is far greater than the public mistrust created by a large data loss.
As an employee you should know your employer’s policies about working with confidential files outside the workplace. Take only the data needed, not entire files. It is your responsibility to make sure the information is encrypted and remains so. Do not use publicly accessible computers to peruse sensitive information, this includes copiers in public areas. Always log off and shut down your workstation before leaving your office for any length of time. Use locking and tracking devices on portable computing devices.
Information Security Education, LLC was conceived to help in this area. Having trained college students in the area of information security, I discovered that companies both large and small were not following even the most basic rules of data protection. It is heartening that some large organizations are beginning to pursue stiff policies.
Should employees be found in violation of the new policies, they will be disciplined up to and including termination of employment. I believe in a no tolerance policy and would recommend dismissal on the first offense. An employee who shows a reckless attitude toward sensitive data will show a callous disregard for other rules.
Some health care providers are even reconsidering the use of Palm Pilots and BlackBerrys. The companies are prohibiting employees from uploading and downloading data from the employer’s network. This is a first step, but companies should consider disabling USB ports on computers and even prohibitions on MP3 players in the workplace.
A single USB drive can store up to 2 gigabytes of information. The tiny “thumb” drive can be concealed in a pocket without detection. It only takes seconds to download files to the devices and out the door they go. Companies of all sizes need to be very careful about the way data is handled.
Companies should consider encryption of any sensitive data and require a connection to the owner’s network to decode any of the data. The process will require some costs and perhaps slow the process, but the value gained is far greater than the public mistrust created by a large data loss.
As an employee you should know your employer’s policies about working with confidential files outside the workplace. Take only the data needed, not entire files. It is your responsibility to make sure the information is encrypted and remains so. Do not use publicly accessible computers to peruse sensitive information, this includes copiers in public areas. Always log off and shut down your workstation before leaving your office for any length of time. Use locking and tracking devices on portable computing devices.
posted by skgroner | 7:30 AM
<< Home