classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Make sure the channels are safe
May 2018, This Week's Editor's Pick, Cyber Security, IT infrastructure

Do you control all the channels used for transferring confidential information? Condyn and SearchInform, a developer of information security products represented by Condyn in the African market, guide readers through the threats they may encounter.

Companies should be aware of how many possible data leakage sources they have. Email, phone calls, instant messengers and social networks, cloud storage, external storage devices – to name a few. It doesn’t matter whether it's about deliberate or accidental leakage, the channels are the same.

Jorina van Rensburg.
Jorina van Rensburg.

Corporate channels of communication, such as Exchange, IP telephony, file servers, SharePoint, Office 365, etc., can be managed with the help of security policies, but personal ones – web mail, social networks, blogs, forums, etc. – have always been out of control.

Is there any point in monitoring if half of the communication channels remain vulnerable to breaches or misuse? Here are some crucial reminders of how else your information can be leaked.

Printing

The transition to digital format doesn’t mean that there’s no need to control printed documents. Paper can still be leaked. Remember Reality Winner1? While working for the NSA, she printed, took away and handed over the top secret report to journalists.

Here is another example. The head of the sales department used to work in different branch offices of the company, and several remote printers were configured for him so that he could print out the necessary documents in any office. Once his colleague received a message "Run to the printer, grab the documents, don’t look, put it straight through the shredder." The manager sent the document to the wrong device and printed out an important contract in another office.

Anyone can accidentally see confidential documents or even pick up printed files, especially if the printer is accessible for all the employees. And if you don’t find documents near the printer, the first thing you are most likely to think about is that you’ve run out of paper or ink.

Private email

Companies that monitor confidential data transfer often intercept internal documents sent to employees’ private email. A manager could send a development plan to himself to work from home. But what if he decided to share his secrets with the competitors? The analysis of correspondence will help find out about his true intentions.

Incoming emails from head hunters as well as messages from suspicious addressers pose another security problem. 65% of malware2 invades computers through infected attachments. An employee who opened the file due to carelessness or out of curiosity, jeopardises the security of the entire network.

Accidental leaks might occur as well. Six out of ten companies3 faced the fact that employees attached documents which they shouldn’t have sent by mistake.

Messengers and social networks

Today we use instant messengers and text each other in social networks for personal and business purposes. WhatsApp, Viber, Telegram and Facebook Messenger are sources of potential data leakage. Employees like messengers for ease of use, they think they’re protected from monitoring, therefore can discuss ‘secret’ topics.

Employees’ dependence on social networks might lead to exposure of unofficial or inappropriate information about the company. Uncontrolled social media publications can damage the reputation of your business. SearchInform’s experts brought to mind the case when factory employees should have checked the background before making selfies. Sharing these photos revealed some secret installation behind them. Another case featured an employee of a telecommunication company who leaked the client base to competitors via social network.

External storage devices

Flash drives, hard drives and other external storage devices are quick and simple to use that’s why they often become the source of a leak. Employees might upload confidential data to a USB flash drive intentionally. An employee of the state administration – SearchInform’s client – decided to take away more than a thousand top secret documents.

A careless employee might lose the device, as it happened in Heathrow Airport4, when an unemployed person picked up a USB drive with 2.5 GB of confidential files belonging to the largest airport in the UK which included the itinerary of Queen Elizabeth II.

Internet

An irreplaceable tool at work is a major channel responsible for information leakage. What gets posted on blogs? Which files do employees upload to cloud storage? Which sites do they visit? What are they looking for in Google? All these actions put confidential data at risk and can compromise the wellbeing of the company.

For example, an employee downloads from the Internet a harmless application for work. Along with this application comes the ransomware or malware installed on your PC for hidden mining and accessing confidential information of the company’s server. Boeing5 is one of those who have already fallen prey to WannaCry ransomware.

If there are threats everywhere, what do companies have left to do if it is impossible to avoid the Internet, email and other benefits of IT civilisation? Condyn recommends that they leave all the channels of communication open and keep them under control.

Comprehensive control with the integrated DLP (data leak prevention) system allows employees to use the necessary tools and communication channels freely and safely while protecting data from loss or theft. DLP systems will control file transferring and printing, sudden outbursts of communication in messengers, visits to the websites which aren’t related to the job responsibilities and will warn about possible leakage. Such a protection model facilitates business processes and contributes to the communication efficiency of employees.

KPMG's Global profiles of the fraudster6 study shows a curious detail: 37% of employees ‘caught cheating’ explained their actions were neither a malicious intention nor an accident – they did it only because they had the opportunity to do so. Companies should not create such opportunities, they might want to find weak spots instead and improve data protection.

SearchInform has developed a concept which makes its product differ from the standard DLP. The MPL approach stands for Money Loss Prevention. The key idea is to provide an organisation not only with incident control and notification but with the tools which will analyse the situation before the incidents happen. The MLP features the classic DLP bundled with in-depth evaluation of employee behaviour. The extra modules constitute a Forensic Suite helping to detect tendencies in the workplace, dubious activity and collect a violation evidence base. Any questionable correspondence or action among employees may cause financial damage – money loss or recovery costs. The ‘next generation DLPsystem’ reveals side schemes of sales, identifies risk groups and opinion leaders, and seamlessly keeps track of business processes.

Condyn will be hosting two events to further discuss this topic as well as SearchInform’s capabilities.

• Johannesburg Roadshow: Forever Hotel @ Centurion (/O Basden Ave & Rabie St, Lyttleton, Centurion), 16 May 2018, 09:00 – 13:30.

• Cape Town Roadshow, Atlantic Imbizo (3rd Level, Clocktower Offices, Clocktower Precinct, Cape Town Waterfront), 23 May 2018, 10:00 – 14:00.

To attend, please RSVP to rsvp@condyn.net or contact Leon Labuschagne on 082 7884556, or Riana on 082 333 4464.

References

1. https://www.nytimes.com/2017/06/06/us/politics/realityleighwinnerleaknsa.html

2. http://www.verizonenterprise.com/verizoninsightslab/dbir/2017/

3. https://www.darkreading.com/endpoint/60ofbusinessesmistakenlysentoutsensitivedocuments/d/did/1328396

4. https://www.mirror.co.uk/news/uknews/terrorthreatheathrowairportsecurity11428132

5. https://www.forbes.com/sites/leemathews/2018/03/30/boeingisthelatestwannacryransomwarevictim/#187e2cc56634

6. https://home.kpmg.com/xx/en/home/insights/2016/05/globalprofilesofthefraudster.html


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Measure it if you want to manage it
    August 2018, Adamastor Consulting, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    There is no doubt that one of the differentiators between service providers is going to be the ability to make efficient use of data. We need more data detectives to meet the challenges.
  • Using data to stay secure
    August 2018, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Situational awareness beyond the boundary walls can have a significant impact on the security of an estate and the wellbeing of its residents.
  • Technology risk assessments
    August 2018, Adamastor Consulting, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Rob Anderson says the role of security practitioners is to continually work on mitigating risk, both physical and technological risk.
  • What is a security risk assessment?
    August 2018, Alwinco, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Alwinco's Andre Mundell takes a look at what a real security risk assessment is, what it entails and what it delivers.
  • Efficient and proactive control rooms
    August 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management, Residential Estate (Industry)
    A question many estate managers face is whether they should keep the control room onsite and manage it and the relevant staff internally, or whether they should opt for a remote monitoring service.
  • Securing Serengeti
    August 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions, Security Services & Risk Management, Residential Estate (Industry)
    Serengeti Estate offers luxury, golf, conferencing and security, and the estate is on a new growth phase to incorporate more people and services within its 17.5 km boundary.
  • Radar comes home
    August 2018, Technews Publishing, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions, Residential Estate (Industry)
    Covering up to 15 km in real time, radar-based perimeter and intrusion detection is set to change the way security operations on estates are managed and planned.
  • First line of defence
    August 2018, Technews Publishing, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Residential Estate (Industry)
    Hi-Tech Security Solutions asks what the best practices to take note of for installing and maintaining your electric fence.
  • Secure in their retirement years
    August 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Residential Estate (Industry)
    A retirement village with a limited budget upgrades its security to protect residents from increasing criminal activities.
  • Protection via thermal detection
    August 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
    Thermal cameras offer almost unbeatable surveillance security for estates and are the envy of any security manager.
  • Make CCTV testify for you
    August 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    Warrant Officer Bongiwe Gqotso highlighted some key points to consider when it comes to extracting evidence from your surveillance installation at the Residential Estate Security Conference 2018.
  • Cathexis Technologies demonstrates the power of VMS at Izinga Estate
    August 2018, Cathexis Technologies, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, Residential Estate (Industry)
    Cathexis installed a fully integrated video management system to support the surveillance and third-party security systems for Izinga Estate.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.