Door wide open for staff to exit with sensitive data

Check Point announced that research showed that almost half of people would take useful information and data with them to their next job. It is unlikely that anyone would stop them as three quarters of companies, based on the recent survey, have no security in place to prevent information going out the door!  Eighty five percent of employees admitted that they could easily download competitive information and take it with them to their next job, in-spite of 74% of these companies having a policy that specifically states that company personnel are not allowed to take company information out of the office. These findings come out of a survey by Check Point Software into “staff and data security” carried out amongst 200 senior IT professionals.
 
UK employees are not quite as trustworthy as their Scandinavian counterparts as the same survey was conducted in the Nordic region and found that although most Nordic employees could download data from their current employer, just 32% would go on to use this information for competitive advantage in their next job. 

Eighty one percent of people take files from work to use at home with the majority dumping their laptops in favour of USB sticks as the preferred method to store data, as it’s far more convenient, cheap and easy.  Thirty three percent store work data on their USB stick, versus 14% who now use a laptop.
 
The huge demand for people to use USB sticks creates a real security headache for most companies as it’s difficult to keep tabs on them because they are so small and go unnoticed.  They are also far easier to lose in transit – making them a likely target for opportunists who may find them very valuable assets to trade with competitors or use to blackmail the company into keeping quiet about the fact that they lost valuable or sensitive information without protecting it.
 
Check Point has some simple advice to offer companies on how to go about rolling out a mobile security policy to secure vital company data:

1.      Educate your staff so that they are aware of the security and legal implications of downloading sensitive or competitive information.

2.      Include the management of all mobile devices in your security policy. 

3.      Specify that all staff members have to sign your security policy, to ensure that they will not download sensitive or competitive information, nor will they use this information to take to their next job and make sure you have the appropriate software to enforce the policy in place.

4.      If you have sensitive information you do not want downloaded, then block end-points on computers with efficient and cost effective software.

5.      Ensure that all USB sticks that are connected are encrypted.

6.      Use encryption software that does not impair the use of the device and make sure that employees cannot by-pass the encryption – it therefore needs to be transparent to the user, quick and easy to use. 

7.      Remember security is a two way process – you need to have your staff on your side, so complement sensible, workable policies, with centrally controlled security technology combined with trust, education and understanding.