Thumbs Down: False Sense of IT Security

Corporations spend millions each year on information security and take measures to prevent data intrusion by outsiders. Indeed, these IT security issues are on the short list of internal controls discussed in audit committee meetings each year. Ironically, though, there are gaping holes that continue to be unaddressed: (1) unregulated instant messaging tools, (2) employee use of web-based, personal email from inside company firewalls, and (3) the advent of the “thumb drive.”

It is admittedly difficult to strike the right balance between allowing employees access to the Internet from work computers and making people do not use these liberties to misappropriate company information or trade secrets. Outside the US, there are strict restrictions on the extent to which a company may monitor employee email, but in the US there are tools that can help monitor and restrict access to ISP mail hosts like Yahoo, MSN or Google from inside the firewall.

Instant messaging is a whole other ball of wax. It is easy to download and send attachments using IM technology. There are ways to address the problem, but many organizations are loathe to incur the expense of better infrastructure. Companies might, for instance, develop an intranet portal, which can be used for internal instant messaging tools. However, even if willing to make the investment and enfoce such policies with an iron fist, these cultural changes are not popular. Messing with the email and IM of people is “personal,” and there is always a business argument in favor of allowing access to outside email and resources on the Internet.

Those organizations willing to impose Internet access restrictions in the hope of avoiding the loss of critical information or mitigating computer virus risk still have another hurdle to overcome. If someone wants your confidential or sensitive data, it is quite easy to pull information off a system with the use of flash drive technology. The ultimate cure, then, continues to be what is known as enterprise content management.

So, even those who spend the millions on security but do not have a plan to restrict access to critical data through permission-based information management systems, “thumb drives,” IM tools and web-based email is going to hurt you when you least expect it.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: