| Join Our List
|
|
|
|
Dear Sacha,
Today
information is everything. It is almost impossible to make or
save money without comprehensive and detailed information.
Information is the great savior, but it is also the Achilles'
heel. We live in the information age, with all its focus and
efforts to make it easier to share information - in some cases whether
people have a right to share that information or not. This is an
issue that is becoming increasingly important. How does one
prevent a disgruntled or avaricious employee from giving out sensitive
information?
|
| It's Your Data. Keep it that Way. |
|
Protecting yourself from all sides
Everyone
now knows well enough to protect themselves from outside threats.
Most websites and networks are secure enough that outsiders have little
hope for success in breaking in. That leaves open the question of
the 'inside job'. How do you protect yourself from people who
have a right and need to access the network or information to do their
jobs? Is it a real threat?
A recent VeriSign white paper
has indicated that the theft of intellectual property by insiders has
increased four fold in the space of one year. So, yes, the threat
is real. Of course, it is impossible to put hard and fast numbers
to percentages and even the white paper's authors admit that "existing
literature on insider threats is rife with ambiguity". So one
might legitimately wonder, at the risk of making a rather fine
distinction, how real is the danger?
Although the white paper
focuses on the private sector, there is information available from
other sources to gain some idea of how often government employees fall
prey to temptation. One such source is the National Procurement Fraud Task Force. No employer as large as the government can hope to avoid having some unscrupulous employees.
There
are typically two methods for approaching this kind of problem:
prevention and enforcement. Prevention is impossible because
these are problems created by insiders. They have access to this
information because their work requires it. This, unfortunately,
only leaves enforcement: catching those responsible after the deed is
done.
Enforcement suffers from two drawbacks. Enforcement
is not perfect, so some people go unpunished, which leads still others
to believe they won't get caught. Naturally, nobody would commit
a crime if they believed they would be caught and punished.
Enforcement also requires the appropriate tools to be effective at all.
Such
a tool might be a product that requires employees to work online.
The requirement to enter and manipulate documentation and other bid
related information online is a start, but it is not enough. The
product must be able to follow and report on various activities.
This manner of reporting is the key element in verifying whether there
was any impropriety and, if so, to help track it to its source.
At present the ElectronicTender System
may be a luxury, but soon a product with its capabilities could become
a necessity. Which leads to one final question. When that
day comes, will you be ahead of the curve or catching up?
|
|
|
Resources |
|
Internet security news
Today
anyone who uses computers can't afford not to be aware of at least the
basic Internet security concerns. Hence, even if it doesn't
particularly interest you, it is undoubtedly advantageous to visit a
news site like SecurityProNews at least once a week.
|
This
is a situation without a real answer, so there's no gain in looking for
a perfect solution. The key is not to give in to fear. The
risk exists. We cannot eliminate it. All we can do is to
try to minimize it and carry on. But minimizing the risk is a
vital step, and one during which we shouldn't ignore anything that
could help us. Past that, despite the doomsday talk, the future
is as bright as ever.
Sincerely,
Sacha Hartmann
YSER Inc.
|
|
|
