Strict Access Controls in Place…Oh, really?!
November 22, 2010 ·
So, many companies have a false perception t hat their data is really secured and they know where and how it is stored. They have complex role-based access controls in place for their applications and network shares; however, they forget the simple basics. Breaches occur from someone who is trusted and is suppose to have access to the data. There are thousands of known cases where employees have stolen sensitive employee or customer information by writing it down during a customer service call or by copying it from the application screen. This shows you that you do not have to have backdoor capabilities to the application or have administrator rights to steal sensitive data.
To proactively prevent these attacks, you must first be aware and educated! Minimize your exposure by masking sensitive data on the screen and only have your employees collect the information that is necessary, such as the last 4 digits of the credit card number or social security number. Additionally, you can prevent applications from being able to print or export sensitive data from a protected application or location to a removable USB drive and so forth.
We all play a very important role in security and it is important to be diligent and responsible with sensitive data and your organization’s intellectual property. If you are aware of any known malicious activity such as above, please notify your management, RIGHT AWAY! I know many people who have been subjected to Identity theft and it can change your life tremendously!
Have a Great Thanksgiving! Be Safe!
c~Sharpe Security Consulting