Every company has data leaks.
It is impossible to plug every one of them. It is possible to manage them though. The data leak doesn’t have to be access to the network by nefarious individuals. Most likely it is your own employees taking action without really thinking of the consequences. Like the domain admin giving a domain level account and password over the cell phone in a crowded elevator -- He was trying to solve an issue, but missed the environmental conditions he was in. So now everyone in that elevator knew a domain level admin credentials for that company. But you don't know which company he works for you say...sure we do, just look at his ID badge clipped for convenience to his clothing. It’s the little things that get you in trouble too.
Some sources of data leakage are:
- Allowing access to personal email, staff can send out data without you tracking it.
- Allowing USB usage, staff can put in a USB drive, phone, and even IPods that can sip the data.
- Sensitive papers lying about on desks unsecured to be viewed by anyone.
- Talking about sensitive information in public spaces
How to manage this? Well there are several ways. The most successful way is to institute policies for your staff. Having the staff aware there are guidelines and consequences is addressing most of the issues. You will need to have a training schedule for new hires and reviews for user. Having the user acknowledge the policies with a signed document will provide you foundation for maintaining the security. These policies can be as simple as the clean desk policy which dictates what can be left out when a user is not at their desk, to technology policies which dictates what devices are allowed into the site and how they are used.
To support the policies you can leverage technology. Using Active Directory Group Policies to control access to resources on the network, device usage such as turning off USB ports, all this is possible. You can use third party applications to control web access to email, track access, and allow access.
This may seem draconian, and it can be if misused. But the trick is to apply the right amount of restrictions to protect the company and balance the access given for work. So you can't access Facebook on your work computer, big deal, you’re working. Odds are you have it on your phone anyway. Using technology to enforce the policies will enable you to maintained standards consistently all day to all staff. It is auditable and can be changed as the environment changes.
So keep you staff informed, your policies current, and use your technology to simplify and standardize, and revisit both often for review and updates.
Wall Street Journal:
Verizon Chief Executive Ivan Seidenberg said Verizon Wireless's new data plans, which will likely roll out over the next four to six months, would be different from AT&T's plans, but he didn't provide details.
"We're not sure we agree yet with how they valued the data," he said at an investor conference Thursday.
If I were a Verizon subscriber, that last sentence would scare the pants off of me.
The cheaper, popular, ATT smartphone data plan is only $15/month for 200MB. Many iPhone users hover around that level either because they aren’t super nerds that browse the web all day on their enterprise network, or are near Wi-Fi while away from home. If you’re feeling fruity, there is the $25/month plan for anything under 2GB. I usually don’t get that high but I do come close. (Refreshing the Twitter is hard, painstaking work.) But that doesn’t matter as I was grandfathered in thanks to the now defunct unlimited data plan.
Verizon will be moving to a similar system, but if their CEO thinks ATT didn’t value their data appropriately, my guess is the Verizon alternatives will be more expensive. And why wouldn’t they price them higher?
I’m loathe to bring up the iPhone when taking about Verizon, but dammit, I’m going to do it right now. Let’s say that ATT no longer has exclusivity with the iPhone, and both carriers can sell it. Even better, as a super awesome managed services IT support company, that means we can support more folks. Who will the general public choose between ATT & Verizon for the iPhone; a carrier that has zero public history with dropping calls, or the one that has seemingly failed iPhone users for nearly 4 years?
I’d bet that the prospective iPhone owner wouldn’t care about paying an extra $5 or $10 a month for some peace of mind. And even if we’re just talking about someone looking for a smartphone in general, outside of the iPhone and the new Galaxy S phone, what does ATT even have to offer?
Verizon could charge $35 for 2GB of data and customers would still choose them over ATT.
Time to grab some VZW stock.