Your Own Employees The Biggest Threat in Information Security?
Some of us have watched movies like The Recruit. In this movie, the star was able to steal some top secret CIA software by hiding a USB thumbdrive under a coffee mug. In a new article by UK’s The Age, it is said that:
People are becoming the weakest link [in corporate information security]. A fluid work force with diminished loyalty to organisations is being exacerbated by the fact that people do not always realise the value of information that they deal with … “
This is particularly true today since employees are now more fluid and move from job to job. They key asset today is not factory or manufacturing equipment but information. There are also a lot more ways to smuggle information out of the office. In the Recruit, you could have use a USB thumbdrive. There is also Instant Messaging and Email. Most laptops already come with a number of removable storage devices like CD and DVD writers. The article also adds:
… believes that the rise in internal security attacks has come about because outside criminal gangs realise that recruiting or tricking employees to hand over insider knowledge is less expensive and traceable than other forms of cybercrime.
Untracability is particularly true for removable storage. So, it is a good idea to disable this for untrusted personnel. In Linux workstations, most people can remove removable storage use by disabling the automouter or plug-and-play services (hald or automountd). In MS Windows XP, you can follow this nice guide from Microsoft.
Of course today, the most popular solution to this problem is contractual obligations and even most companies don’t have that.
