Please support our Tech Talk advertiser:
Featured Entry 
Jun 13th, 2007, 6:32 am
Check Point Software Technologies, developers of the ZoneAlarm security range, has announced the results of research which suggest that half of all staff will happily walk away from employment with competitive information about your business in their pockets. That they are walking straight into another job with it should be cause for concern to any employer worth his or her salt.
85% of employees questioned said that they could easily download useful information and data and take it with them when they moved job. This despite the fact that 75% of the companies they worked for having a competitive intelligence policy for departing staff. Perhaps the small matter of 75% of them not having a matching security policy to prevent data walking out of the door has something to do with the discrepancy?
At the heart of the problem would appear to be the fall in price and rise in capacity of USB memory sticks. The survey found that 33% of people store work data on a USB stick compared with just 14% using the company laptop. That’s 14% using the often highly secured company laptop compared to 33% using an USB stick that the company don’t even know exists let alone has applied any security thought to.
Of course, a USB stick is not only cheap and easy to carry, it’s also easy to lose. And if you take the top end of the market, a 16Gb capacity stick, that’s the equivalent of being able to carry 640 reams of paper around!
As Check Point spokesman Martin Allen points out “Companies spend millions on their security and just forget about the fact that millions of pounds worth of valuable data is “going walk about” on people’s key rings and a great deal are very happy to download information to take with them to their next job.”
85% of employees questioned said that they could easily download useful information and data and take it with them when they moved job. This despite the fact that 75% of the companies they worked for having a competitive intelligence policy for departing staff. Perhaps the small matter of 75% of them not having a matching security policy to prevent data walking out of the door has something to do with the discrepancy?
At the heart of the problem would appear to be the fall in price and rise in capacity of USB memory sticks. The survey found that 33% of people store work data on a USB stick compared with just 14% using the company laptop. That’s 14% using the often highly secured company laptop compared to 33% using an USB stick that the company don’t even know exists let alone has applied any security thought to.
Of course, a USB stick is not only cheap and easy to carry, it’s also easy to lose. And if you take the top end of the market, a 16Gb capacity stick, that’s the equivalent of being able to carry 640 reams of paper around!
As Check Point spokesman Martin Allen points out “Companies spend millions on their security and just forget about the fact that millions of pounds worth of valuable data is “going walk about” on people’s key rings and a great deal are very happy to download information to take with them to their next job.”
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 2,199 views, 9 comments, and 15 linkbacks. 4 voters have rated this entry an average of 4.25 out of 5 stars. It was promoted to featured status Jun 13th, 2007.
•
•
•
•
advertising apple botnet browser business crime daniweb data development email environment europe facebook firefox forensic gaming google hacking hardware help ibm internet iphone ipod law legal linux malware microsoft mobile mozilla news privacy research search security social networking software spam survey technology trojan uk video virus vista web windows yahoo youtube
All Recent Tags Comments (Newest First)
cutepinkbunnies | Junior Poster in Training | Jun 18th, 2007
•
•
•
•
•
•
•
•
Originally Posted by Toba
There is nothing that can be done about this from the technical side. It will always be possible. If you lock down the computers to the point that they can't do this, they won't be able to get any work done either.
Windows Vista clients can be configured to prevent this theft possibility. I don't understand how inserting and using a foreign/unauthorized USB memory stick interferes with someone's ability to get work done.
Toba | Junior Poster | Jun 17th, 2007
•
•
•
•
There is nothing that can be done about this from the technical side. It will always be possible. If you lock down the computers to the point that they can't do this, they won't be able to get any work done either.
jwenting | duckman | Jun 15th, 2007
•
•
•
•
Very little has changed. In the past people could walk out the door with boxes full of copied documents from the company archives and noone would blink, today they copy those same documents to a flashdrive or CDR (yes, ever more people have CDR drives in their systems at work).
The idea is to not allow people access to things they have no need to see, and to make them happy enough that they have no incentive on leaving to steal things (and make sure they know the consequences if caught).
My father could easily have walked out on his job as a tax/business consultant at a major firm with damning information about hundreds of companies (including the one he worked for and all the customers of his department) and noone would have noticed.
At the time his only computer access was a mainframe terminal and a 5150 series IBM luggable which he can't carry because of his bad back...
But as a senior consultant he had access to all the archives as well as having copies of ALL client files for his department in his office and a photocopier just around the corner in the hallway.
He also had the keys to the building so he could work nights and weekends.
Noone ever checks who takes boxes of paper and other small stuff from store rooms and noone ever checks who uses photocopiers (in most companies, there are some where you have to swipe a keycard to use them at all, mainly to enable billing per department), so making copies would have gone unnoticed.
Do it over a weekend and he could have done it.
It could have brought him a LOT of money too most likely, but he never even dreamed of doing it.
People who do dream of doing such things however won't be stopped by pretty much anything set up to prevent them. They'll always find a way. All you can do is make it harder for people who should not have had access to the information in the first place to find the information, but once you've found it you can always take it out one way or another.
And indeed, maybe you can't cram into your head what you can cram onto a flashdrive. Not in one go at least...
But you will have time, take it out in bits and pieces.
Less chance to get noticed too...
The idea is to not allow people access to things they have no need to see, and to make them happy enough that they have no incentive on leaving to steal things (and make sure they know the consequences if caught).
My father could easily have walked out on his job as a tax/business consultant at a major firm with damning information about hundreds of companies (including the one he worked for and all the customers of his department) and noone would have noticed.
At the time his only computer access was a mainframe terminal and a 5150 series IBM luggable which he can't carry because of his bad back...
But as a senior consultant he had access to all the archives as well as having copies of ALL client files for his department in his office and a photocopier just around the corner in the hallway.
He also had the keys to the building so he could work nights and weekends.
Noone ever checks who takes boxes of paper and other small stuff from store rooms and noone ever checks who uses photocopiers (in most companies, there are some where you have to swipe a keycard to use them at all, mainly to enable billing per department), so making copies would have gone unnoticed.
Do it over a weekend and he could have done it.
It could have brought him a LOT of money too most likely, but he never even dreamed of doing it.
People who do dream of doing such things however won't be stopped by pretty much anything set up to prevent them. They'll always find a way. All you can do is make it harder for people who should not have had access to the information in the first place to find the information, but once you've found it you can always take it out one way or another.
And indeed, maybe you can't cram into your head what you can cram onto a flashdrive. Not in one go at least...
But you will have time, take it out in bits and pieces.
Less chance to get noticed too...
Miacol | Newbie Poster | Jun 15th, 2007
•
•
•
•
Information is becoming the key to it all. Whether a company continues to provide access to the level of information currently able to be sourced on a USB key remains to be seen. But something has to change, or we can probably expect to see an international court case about stolen company information.
Now zonelabs are just about my favourite antispyware tool, next to Dr spyware - so I anxiously await the new Vista version of zonelabs.
Now zonelabs are just about my favourite antispyware tool, next to Dr spyware - so I anxiously await the new Vista version of zonelabs.
vssp | Junior Poster | Jun 15th, 2007
•
•
•
•
notbad
cutepinkbunnies | Junior Poster in Training | Jun 14th, 2007
•
•
•
•
Vista clients can be configured to prevent this theft possibility.
As a previous poster pointed out, yes good treatment of employees is a great practice for infosec but sometimes this comes down to dollars and potential profit for the thieves.
Great article.
As a previous poster pointed out, yes good treatment of employees is a great practice for infosec but sometimes this comes down to dollars and potential profit for the thieves.
Great article.
Toulinwoek | Junior Poster | Jun 13th, 2007
•
•
•
•
Some (not all, of course) of this kind of thing would be eliminated, or at least minimized, if companies put as much effort and sincerity into treating their employees fairly and right as they do enriching some of these CEO's to sit on their dead behinds all day.
happygeek | He's The Daddy | Jun 13th, 2007
jwenting | duckman | Jun 13th, 2007
•
•
•
•
far more damaging is all the information those people carry out in their heads!
All the years of training you spend on them, all the secrets about your company processes and products they accumulated through creating them.
Must not allow your people to take their heads out of the building!
All the years of training you spend on them, all the secrets about your company processes and products they accumulated through creating them.
Must not allow your people to take their heads out of the building!
Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- Guild Wars 2: In-House FAQ (13 Hours Ago)
- UK ISPs agree to throttle illegal music file-sharers (19 Hours Ago)
- Intel To Focus on Devices, Again (1 Day Ago)
- WikiGoogle or GooglePedia? Nope, it is Knol actually. (1 Day Ago)
- 5-4-3-2-1 your website in infected (2 Days Ago)
- Botnets boost click-fraud rate (2 Days Ago)
- Apple ships 2.5 million Macs, sells 11 million iPods and 717,000 iPhones in just 3 months (3 Days Ago)
- Limbo 2 Trojan comes complete with guarantee of invisibility (3 Days Ago)
- More Dark Spots on Apple's MobileMe Migration (3 Days Ago)
- Power-Sipping PC Runs Linux (4 Days Ago)
Related Forum Threads
- Data Recovery (Storage)
- i have a data cable motorola T720 i need a software ringtone (Gadgets and Gizmos)
- accessing private data members (C++)
- Can't Enter Data Into IE 6 (Web Browsers)
- How do you access Data in a QBasic 2.0 Data Table (Legacy and Other Languages)
- data file help (C)
Even the dumbest USB memory stick can.