Thursday, October 16, 2014

Tunnel Vision Focus on IT Security - The Biggest Mistake...

...companies make when securing sensitive data.


• All pre-computer era information theft tactics still work, and are still used.
• Most “computerized” information is available long before it is put into a computer.

• Data theft is the low hanging fruit of the business espionage world. The real pros use ladders.

Murray's Holistic Approach to Information Security

1. Protect information while it is being generated (discussions, audio and video communications, strategy development). Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices and conference rooms on a scheduled basis. Example: Ford Motors found voice recorders hidden in seven of their conference rooms this summer.

2. Protect information while it is in transit (phone, teleconference, Board meetings, off-site conferences). Wiretapping and Wi-Fi are still very effective spy tools. Check for wiretaps on a scheduled basis, and/or encrypt the transmissions. Conduct pre-meeting TSCM inspections. Tip: Never let presenters use old technology FM wireless microphones. The signal travels further than you think, and is easily intercepted.

3. Protect how information is stored. Unlocked offices, desk and file cabinets are a treasure trove of the freshest information. Print centers store a copy of all print jobs. Limit written distribution of sensitive information. Crosscut shred sensitive waste paper. All these vulnerabilities and more should be covered during the security survey portion of your TSCM inspection.

4. Educate the people to whom sensitive information is entrusted. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Explain the importance of information security in terms they can understand, e.g. “Information is business blood. If it stays healthy and in the system, your job, and chances for advancement, stay healthy.”

Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
There is more you need to know. Contact a TSCM specialist for further assistance. (