A Number Of Security Rules Employees Break

Jan 7, 2009 2:31 PM


         Subscribe in NewsGator Online   Subscribe in Bloglines

Most CSOs and security managers know employees are taking risks everyday that could set their company up for a breach. CSO Magazine spoke with John Stewart, CSO of Cisco, as he offered his take on rules people love to break and offers advice on getting them to stop.

-- Allowing "tailgating" and unsupervised roaming. According to a recent Cisco survey, more than one in five German employees allow non-employees to roam around offices unsupervised. The study average was 13 percent. And 18 percent have allowed unknown individuals to tailgate behind employees into corporate facilities. The reason, according to Stewart, is that confronting people who may be gaining access illegally is difficult for people.

Stewart recommends creating an environment that makes it hard for people to tailgate. Consider signage that even states tailgating is not allowed.

-- Adding unauthorized wireless access points. At Cisco, the process of dealing with unauthorized wireless access points is known as 'whack-a-mole,' according to Stewart, because they pop up so frequently.

Wireless access points can be needed either by employees looking to test things, or when people who don't normally need access suddenly do.

-- Stewart advises having a clear and consistent policy with consequences. Consistency is key.

"If the consequences aren't severe, most people won't take you seriously. Get serious about real rules. I know some companies who will charge the department with the person who put the wireless access point on the network. The bill goes to the manager of the person that did it. You can imagine how that plays out."

-- Sharing corporate or sensitive information with unauthorized people. According to Cisco research, one of four employees (24 percent) admitted verbally sharing sensitive information to non-employees, such as friends, family, or even strangers. When asked why, some of the most common answers included, "I needed to bounce an idea off someone", "I needed to vent", and "I did not see anything wrong with it."

Stewart thinks companies need to educate workers to treat corporate information like it's a personal secret.

-- Putting sensitive data in the wrong place. This could mean copying or extracting corporate sensitive information from protected place and putting it on handheld device. It could also mean e-mailing information to an outside, non-corporate e-mail account. Whatever the scenario, it means sensitive information could get in the wrong hands, especially if it's on a portable device that gets lost. Cisco research found 22 percent of employees carry corporate data on portable storage devices outside of the office.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top