Check Point Software Technologies Ltd announced that research showed that almost half of people would take useful information and data with them to their next job. It is unlikely that anyone would stop them as three quarters of companies, based on the recent survey, have no security in place to prevent information going out the door!
Eighty five percent of employees admitted that they could easily download competitive information and take it with them to their next job, in-spite of 74% of these companies having a policy that specifically states that company personnel are not allowed to take company information out of the office. These findings come out of a survey by Check Point Software into “staff and data security” carried out amongst 200 senior IT professionals.
UK employees are not quite as trustworthy as their Scandinavian counterparts as the same survey was conducted in the Nordic region and found that although most Nordic employees could download data from their current employer, just 32% would go on to use this information for competitive advantage in their next job.
Laptops are old hat - USB Sticks on a key ring rule!
Eighty one percent of people take files from work to use at home with the majority dumping their laptops in favour of USB sticks as the preferred method to store data, as it’s far more convenient, cheap and easy. Thirty three percent store work data on their USB stick, versus 14% who now use a laptop.
The huge demand for people to use USB sticks creates a real security headache for most companies as it’s difficult to keep tabs on them because they are so small and go unnoticed. They are also far easier to lose in transit – making them a likely target for opportunists who may find them very valuable assets to trade with competitors or use to blackmail the company into keeping quiet about the fact that they lost valuable or sensitive information without protecting it.
Martin Allen a Spokesman for Check Point said “USB sticks are now more popular than ever, with everyone from children up to the CEO now travelling around with data on their USB sticks. Many can now carry 16 gigabytes around with them in their pockets which compares with 640 reams of paper in your pocket. At this estimation it’s not surprising they can become a serious security risk.
Companies spend millions on their security and just forget about the fact that millions of pounds worth of valuable data is “going walk about” on people’s key rings and a great deal are very happy to download information to take with them to their next job.
Without being too draconian our advice is to lock down computers with vital information and make sure you centrally control USB sticks by supplying them to your staff with mandatory encryption in place. That way they can freely use them keeping the data safe at all times.”
Check Point has some simple advice to offer companies on how to go about rolling out a mobile security policy to secure vital company data:
1. Educate your staff so that they are aware of the security and legal implications of downloading sensitive or competitive information.
2. Include the management of all mobile devices in your security policy.
3. Specify that all staff members have to sign your security policy, to ensure that they will not download sensitive or competitive information, nor will they use this information to take to their next job and make sure you have the appropriate software to enforce the policy in place.
4. If you have sensitive information you do not want downloaded, then block end-points on computers with efficient and cost effective software.
5. Ensure that all USB sticks that are connected are encrypted.
6. Use encryption software that does not impair the use of the device and make sure that employees cannot by-pass the encryption – it therefore needs to be transparent to the user, quick and easy to use.
7. Remember security is a two way process – you need to have your staff on your side, so complement sensible, workable policies, with centrally controlled security technology combined with trust, education and understanding.