Corporate Mistakes Despite Better Security Awareness

Better Security Awareness – There is a lot of material written about different ways to improve physical and electronic security. The experts seem to have advice for us almost every day in the business journals. In spite of this advice, there is a constant stream of articles about security issues as well.

Better Security Awareness on Your Website

Better Security AwarenessOne of the biggest reports lately is of the state department information leaked to WikiLeaks, social media Website where users post top secret information that relates to the government and conspiracies, which was subsequently published in newspapers. The information had been taken by an Army soldier whose job was to work in the area with that information. He was able to copy thousands of state department cables by bringing in his own CDs.

In another case, an employee at Ford cleaned out his desk on his last day of work and copied nearly 4000 company documents to take with him. The information copied did not relate to the employee’s job at all, yet he had access to all of it. The damage to Ford by the theft of these documents was close to $50 million.

1e86e66de724bcf440bdfb2e_1920Businesses need to know who is accessing their information. Inside theft of data is easy and frequent because of the assumption that an employee is always looking out for the best interest of the company. Do the employees have access to more data and more computer resources than their job requires? Are the physical areas where the computer equipment is stored secure and are staff allowed to take personal items in with them?

Google has also been in the press for violating information privacy agreements. One case resulted in a class-action lawsuit for Gmail user information being made available to others. A second case relates to the Google Street View cars tapping into unsecured Wi-Fi networks.

Information privacy is becoming a big concern as it gets easier for companies to capture data from various sources and use it for their own marketing and research. People are given long agreements full of legalese to read and agree to for the safety of their information. Many do not read the agreement and of those that do, many don’t fully understand it. It becomes an interesting tangle of who has access to which information and for what purpose.

09fd12e416c45b1e6274eb93_1920Companies such as Lifelock that specialize in identify protection, have become necessary in this world of information security and privacy. Identity theft is an increasing issue as the means to obtain an individual’s personal information has become easier. Email has become a mainstay way of communicating and it’s hard to remember what we did before. Email has also become an easy way to perpetrate theft and fraud.

A banker at UBS, the global financial services company, used code words in email to leak information about mergers or acquisitions relating to large healthcare companies. At the same institution, an email was sent to a number of inappropriate recipients about General Motors and a share issue they were having. The resulting loss was close to $10 million and GM severed ties with UBS.

Email security is often very loose in companies. People often have the ability to send email to and receive email from others inside and outside of the company. They can attached various information to those emails, and have access to distribution lists that may or may not be related to their jobs.

In another case of a person being creative with company resources on their last day, an employee of Goldman Sachs copied and transferred actual computer programs related to their trading systems to another computer in another company. It appears that this act was to help the former employee make a successful start at his new job at the other company.

It is not only important that the company’s data be held securely, but that the actual computing infrastructure should be protected. The man-hours put into the creation of systems and the intellectual property contained therein represent a huge company investment and should be treated as one of its most valuable resources.

Security continues to be an important topic in the business place. As new ways to secure systems and information are created, it seems as if new ways to breach those systems follow shortly, giving us new reasons for concern.