Wednesday, October 22, 2014

Why the IT Guy Can't Protect Your Information

  • Most “computerized” information is available
    elsewhere long before it is put into a computer.
  • Hacking is only one tool in the spy's kit.
  • Data theft is the low-hanging fruit of the business
    espionage world. Pros use bucket trucks.
  • Traditional spying is invisible. Hacking leaves trails.
    Result... IT guy gets budget. Company is still a sieve. 

Go Holistic
Close All Loopholes

Loophole 1: Information Generation
    People generate information. They talk, discuss, plan. The human voice contains the freshest information.
    Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices, labs, conference and boardrooms on a scheduled basis. TSCM works.
Ford Motors found voice recorders hidden in seven of their conference rooms this summer.

Loophole 2: Information Transmission
    People communicate. They phone, fax, email, hold teleconferences — over LAN, Wi-Fi and cables.
    Traditional wiretapping and VoIP/Wi-Fi transmission intercepts are very effective spy tools. TSCM sweeps discover attacks.

Loophole 3: Information Storage
   People store information all over the place; in unlocked offices, desks, and file cabinets. Photocopiers store all print jobs in memory. TSCM surveys identify poor storage, and the perimeter security gaps which put storage at risk.

Loophole 4: Information Handling

    People control information. Educate them. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Enforce them.

    Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.

by Kevin D. Murray CPP, CISM, CFE