Preventing security risks, breaches in the workplace

MANILA, Philippines – Corporate information appears to be on the target list of a growing number of cybercriminals, who have capitalized on a variety of social engineering techniques to target the weakest link in any type of information security structure — the employees.

Traditional security software are often designed to face outward with very minimal security measures in place to prevent data loss from the inside. Thus, employee activity is crucial.

Confidential information — from personal banking credentials to management plans to in-office politics — can be leaked if workers are not careful with what they share online.

An estimated 23 million Filipinos have access to social networking sites such as Facebook and Twitter, and many of them are workers who check and update their accounts in their offices. Cybercriminals can piece together data from information uploaded by employees in these sites to create convincing ploys that would eventually give them access to vital places inside the network. This can potentially lead to information theft through malware attacks or data leaks endangering company trade secrets.

Access to data

According to Myla Pilao, director of TrendLabs Marketing Communications, there is still the possibility that cybercriminals may gain access to sensitive corporate data if an unsuspecting employee executes a malicious script sent via e-mail or social networking accounts.

Pilao said the problem is exacerbated by the increase in the use of mobile devices such as tablet PCs, laptops, netbooks, and smartphones in the workplace, plus the employees’ unofficial use of the Internet.

The recent “Nicole Santos” spam and the fake Bin Laden execution videos on Facebook are just some examples of cybercriminals taking advantage of the social medium. These attacks employed social engineering tactics that tricked people into clicking links that directed to malware.

The easiest solution for a corporation to prevent attacks is restricting employee Internet access. In other cases, policies even go as far as disallowing workers to use their mobile devices in the office.

Pilao explained that though these solutions seem foolproof, they can actually hinder growth in the long run as social networking sites not only provide direct access to targeted customers and clients, but can also foster lasting relationships with such clients who use their own social networks to promote certain services.

Holistic approach

Instead of stifling the use of social networking, Pilao recommended a holistic approach of combining automated security and workplace computing policies to keep the workplace safe from data breaches and leakage.

Companies should let their employees access only the information or resources necessary for the tasks assigned to them. Create comprehensive yet flexible policies and restrict access rights that will govern the use of portable devices and social networking sites without hampering employee productivity.

Employees should also be educated on the impact of data leakage through orientations on e-mail handling, file sharing, mobile device usage in the work context, and how employees should conduct themselves on social networking websites.

All important data should be backed up in case the system is ever compromised.

Company programs, applications, and operating systems must be patched regularly to avoid having vulnerabilities which cybercriminals can exploit.

Security review

Lastly, businesses should make it a point to re-evaluate their current security software. The in-place security solution should be able to provide real-time, 24/7 network monitoring without burdening the system’s performance.

The security software must be able to scan, monitor and encrypt private data in endpoint input and output devices, as well as defend all possible network channels, blocking unauthorized data transfers through e-mail, HTTP/S, FTP and instant messaging.

Trend Micro Data Loss Prevention is a family of security solutions that not only secures company data at all ends, but also helps lower operations costs and cuts down system complexity.

It supports compliance with industry regulations by implementing controls for protection, visibility, and enforcement.

As an added value, it also educates its users by aiding companies to customize interactive dialogues that will notify employees of potential risks. –(The Philippine Star)