Ever have a trusted salesperson, contractor or customer bring by a flash drive with a file by for you to view on one of your company's machines? Ever regret letting the outsider's drive inside your perimeter?
Ever have a trusted salesperson, contractor or customer bring by a flash drive with a file by for you to view on one of your company's machines? Ever regret letting the outsider's drive inside your perimeter?You may allow your most trusted employees certain leeways and latitudes when it comes to their use of your business's technology -- but what abut your most trusted vendors, contractors, customers and partners?
I was talking recently with a friend who's an industrial products salesman, and among the matters we discussed was how easy technology had made it for him to show customers and vendors photos, schematics, other materials.
"Just pop a thumb drive in one of their machines, and there you go," he said.
"Are you kidding?" he said, admitting that one company preferred that he connect a camera or phone to their system rather than a thumb drive because, according to his customer, "Cameras and phones are safer."
Now, odds are that the leeway they grant to my friend extends to people not as tech-savvy as he is, and probably extends to everybody. (Odds are, actually, that their systems are leaking information like sieves.)
But we all know of security-conscious and careful companies that do extend similar access to trusted outsiders, and do so for reasons of convenience, expediency or constancy of the vendor's presence in their business.
You know your vendors, you know your systems, you know your security procedures and tools, you know your comfort-levels with granting access.
Problem is, you may not know the levels of understanding your trusted outsider possesses on these very same matters.
At the very least, it's a good idea to insist that your trusted outsiders adhere to the same policies, monitoring and scans that your employees must meet.
Insist that any device brought into your workplace be equipped with up-to-date security software.
Deploy tools that monitor all devices and drives on your network.
Too much trouble?
Considering doing what my salesman friend and I have discussed:
Set up a dedicated, non-networked computer for viewing materials brought in by vendors or customers. Equip the machine with security software, and use the machine only for outsider presentations and other materials. Scan it in depth after every such presentation.
Suspenders and belt? Sure -- but these sorts of safeguards can help keep your business from getting caught with its security pants down as a result of a sloppy or unaware outsider who has something you "just have to see."
While you're at it, you might want to review those internal leeways and latitudes you grant, as well.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.