Because information technology is the backbone of any organization, IT security is considered a key part of business strategy. Amidst constantly increasing threats in the cyber-security landscape, protecting valuable intellectual property and business data against theft or misuse is a critical issue. Such incidents not only strain regular business but can push business continuity to its very edge.
The touch points where critical data could potentially be taken out of the company network illegally go beyond the traditional ways of storing and sharing data: mass storage accessible via USB, printing stations, email, internet-accessible data sharing platforms like Microsoft OneDrive, Google Drive, DropBox etc., wifi and access points. The latest threat is the smartphone used by almost every employee. Once connected to the network, for a reason as simple as charging the battery, it can act as a storage device. In the hands of a serious hacker the smartphone can be used to circumvent all controls one may have on the traditional access points.
An organization can take a few steps to ensure appropriate controls are in place and to raise red flags whenever these controls are breached. The list below is not exhaustive, but it can give firm assurance of compliance.
• Activity Log: It is critical that every activity of managed computers and devices is monitored and logged. Ideally, a central console should display reports of the files created, copied, modified and deleted by users. These reports should be reviewed regularly for any red flags.
• Sessions Activity: A report which gives startup/shutdown, log on/off, and remote session connects and disconnects. Admins should not have access to this data; for obvious reasons it should be reviewed by an independent body.
• Print Activity: Efficiently monitor and log printing tasks done by all the endpoints in the network. It should also provide a detailed report of all printing jobs done by managed endpoints through any printer connected to any computer locally or to the network.
• Application Control: Administrators should have the right to block/whitelist applications, define time-restricted access, or block execution of applications on endpoints. The idea is to ensure only whitelisted applications can be accessed while all other third-party applications are blocked (e.g. Microsoft OneDrive, Google Drive etc.). This includes the ability to control access to portable devices that can be connected to endpoints on the network: admins SHOULD have the ability to allow or block access to USB devices such as webcams, CD-ROMs, composite devices, Bluetooth devices, SD cards or imaging devices.
• Scan: All types of media, including email and attachments, that go out of the company network should be scanned. There remains a high probability of employees sending critical data to their personal email. On detection the system should be able to block such attempts and raise a red flag.
• Settings: Any change to the settings which in any way alters the way these logs are generated or recorded should be monitored and logged. This ensures admins do not get a free hand in deciding which of their activities can or cannot be monitored or logged.
• Blocking other channels: In sensitive places BAN the use of mobile phones, or ensure that the area is under surveillance where suspicious activity gets reported to a competent authority. This is a huge task for large organizations, where an army of security staff is needed to man the camera stations unless there is technology which can throw an alert the moment someone takes a picture of their computer screen with a mobile phone.
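As an added example (not part of the original article), the following Python script applies several of the controls listed above to constructed endpoint activity log lines and raises a red flag for each match: file copies to removable media, attachments sent to personal mailboxes, non-whitelisted applications, changes to audit settings regardless of who makes them, blocked USB device classes, and bulk print jobs. The key=value log format, the field names, the application whitelist, the personal-mail domains, the blocked USB classes and the print-page threshold are all assumptions made for this example, not anything the article specifies.

```python
# Added example (not from the original article): a red-flag detector that applies
# the controls above to constructed endpoint activity log lines.
# Assumed for this example (not from the page): the key=value log format, the
# field names, the application whitelist, the personal-mail domains, the blocked
# USB classes and the print-page threshold.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

PERSONAL_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
ALLOWED_APPS = {"excel.exe", "winword.exe", "outlook.exe", "chrome.exe"}
BLOCKED_USB_CLASSES = {"mass_storage", "imaging", "bluetooth", "composite"}
PRINT_PAGE_THRESHOLD = 100          # pages per job before a print job is flagged

# Constructed sample log (one event per line, whitespace-separated key=value pairs).
SAMPLE_LOG = """
ts=2024-03-01T09:12:03 host=WS-0142 user=alice kind=file action=copy path=C:\\Projects\\design.pdf dest=E:\\design.pdf dest_type=removable
ts=2024-03-01T09:14:10 host=WS-0142 user=alice kind=file action=modify path=C:\\Projects\\notes.txt dest_type=fixed
ts=2024-03-01T09:20:44 host=WS-0077 user=bob kind=email action=send to=bob.personal@gmail.com attachments=2
ts=2024-03-01T09:21:02 host=WS-0077 user=bob kind=email action=send to=partner@customer.example attachments=1
ts=2024-03-01T09:30:15 host=WS-0099 user=carol kind=app action=start exe=dropbox.exe
ts=2024-03-01T09:31:00 host=WS-0099 user=carol kind=app action=start exe=excel.exe
ts=2024-03-01T09:45:12 host=WS-0142 user=admin kind=settings action=change key=audit.file_events value=off
ts=2024-03-01T10:01:00 host=WS-0031 user=dave kind=print action=job pages=250 printer=LOBBY-PRN
ts=2024-03-01T10:05:00 host=WS-0031 user=dave kind=usb action=attach class=mass_storage
"""

TOKEN = re.compile(r"(\w+)=(\S+)")   # values cannot contain whitespace in this format


@dataclass
class Flag:
    rule: str
    user: str
    host: str
    ts: str
    detail: str


def parse_line(line: str) -> dict:
    """Turn one key=value log line into a dict."""
    return dict(TOKEN.findall(line))


def evaluate(event: dict) -> Optional[Tuple[str, str]]:
    """Apply the controls to one event; return (rule, detail) or None."""
    kind, action = event.get("kind"), event.get("action")
    # Activity log: files copied off the managed disk onto removable media.
    if kind == "file" and action == "copy" and event.get("dest_type") == "removable":
        return "file-to-removable-media", f"{event['path']} -> {event['dest']}"
    # Scan: attachments leaving the company towards a personal mailbox.
    if kind == "email" and action == "send":
        domain = event.get("to", "").rpartition("@")[2].lower()
        if domain in PERSONAL_MAIL_DOMAINS and int(event.get("attachments", 0)) > 0:
            return "attachment-to-personal-mail", f"{event['attachments']} attachment(s) to {event['to']}"
    # Application control: anything not on the whitelist.
    if kind == "app" and action == "start" and event.get("exe", "").lower() not in ALLOWED_APPS:
        return "non-whitelisted-app", event["exe"]
    # Settings: any change to how logging is done is flagged, whoever made it.
    if kind == "settings" and event.get("key", "").startswith("audit."):
        return "audit-settings-changed", f"{event['key']}={event['value']} by {event.get('user', '?')}"
    # Application control: portable device classes the admin has blocked.
    if kind == "usb" and action == "attach" and event.get("class") in BLOCKED_USB_CLASSES:
        return "blocked-usb-class", event["class"]
    # Print activity: unusually large jobs.
    if kind == "print" and int(event.get("pages", 0)) > PRINT_PAGE_THRESHOLD:
        return "bulk-print-job", f"{event['pages']} pages on {event.get('printer', '?')}"
    return None


def scan(log_text: str) -> List[Flag]:
    """Run every non-empty log line through the controls and collect the red flags."""
    flags = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        hit = evaluate(event)
        if hit:
            rule, detail = hit
            flags.append(Flag(rule, event.get("user", "?"), event.get("host", "?"),
                              event.get("ts", "?"), detail))
    return flags


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.rule}] {f.ts} {f.user}@{f.host}: {f.detail}")
```

Two design points match the article: the audit-settings rule fires for every user, including admins, so that nobody can quietly switch off the logging that watches them; and the email rule looks only at where an attachment is going, so a normal exchange with a customer domain is not flagged while the same attachment to a personal mailbox is.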
Lastly, generating the red flags is NOT enough. One should have a robust process where all these are reviewed and acted upon. Ideally automated alerting should be included in any data loss prevention (DLP) program to reduce manual intervention, together with a foolproof escalation process wherein, if an alert is not acted upon, the management chain is aware that an incident has happened while no action was taken. In larger organizations the automated alerting process MUST be complemented with meaningful metrics which get shared with top management so that everyone is held accountable for any breach.
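As an added example (not from the original article), the escalation process and the management metrics described above can be modelled as follows: an alert that nobody acknowledges climbs a chain of tiers, one tier per missed time limit, and a small metrics function produces the figures that would go to top management. The escalation tiers, the time limits, the alert fields and the metric definitions are assumptions made for this example.

```python
# Added example (not from the original article): escalation of red flags that
# are not acted upon, plus the metrics that go to management.
# Assumed for this example (not from the page): the escalation tiers, the time
# limits, the alert fields and the metric definitions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumed chain: after this much time without acknowledgement, notify this tier.
ESCALATION_CHAIN = [
    (timedelta(hours=4), "security-analyst"),
    (timedelta(hours=24), "security-manager"),
    (timedelta(hours=72), "ciso"),
]

T0 = datetime(2024, 3, 1, 9, 0)      # constructed reference time for the sample


def at(hours: float) -> datetime:
    """Constructed timestamp `hours` after T0."""
    return T0 + timedelta(hours=hours)


@dataclass
class Alert:
    alert_id: str
    rule: str
    raised_at: datetime
    acknowledged_at: Optional[datetime] = None
    closed_at: Optional[datetime] = None
    notified: List[str] = field(default_factory=list)   # tiers already told


def escalate(alert: Alert, now: datetime) -> List[str]:
    """Return the tiers newly due for notification as of `now` and record them.

    An acknowledged alert never escalates; an unacknowledged one climbs the
    chain one tier per missed time limit, so management learns that an alert
    existed and nobody acted on it.
    """
    if alert.acknowledged_at is not None:
        return []
    age = now - alert.raised_at
    due = [tier for limit, tier in ESCALATION_CHAIN
           if age >= limit and tier not in alert.notified]
    alert.notified.extend(due)
    return due


def run_escalation(alerts: List[Alert], now: datetime) -> Dict[str, List[str]]:
    """Escalate every alert once; map alert id -> tiers notified in this run."""
    return {a.alert_id: escalate(a, now) for a in alerts}


def metrics(alerts: List[Alert]) -> Dict[str, float]:
    """Figures for the management report: backlog, unacknowledged alerts,
    alerts that reached the top of the chain, mean time to acknowledge."""
    open_alerts = [a for a in alerts if a.closed_at is None]
    unacked = [a for a in open_alerts if a.acknowledged_at is None]
    ack_hours = [(a.acknowledged_at - a.raised_at).total_seconds() / 3600
                 for a in alerts if a.acknowledged_at is not None]
    top_tier = ESCALATION_CHAIN[-1][1]
    return {
        "total": len(alerts),
        "open": len(open_alerts),
        "unacknowledged": len(unacked),
        "escalated_to_top": sum(1 for a in alerts if top_tier in a.notified),
        "mean_time_to_ack_hours": round(sum(ack_hours) / len(ack_hours), 2) if ack_hours else 0.0,
    }


def build_sample_alerts() -> List[Alert]:
    """Constructed alerts: one handled promptly, one ignored, one handled and closed."""
    return [
        Alert("A-1", "attachment-to-personal-mail", T0, acknowledged_at=at(1)),
        Alert("A-2", "file-to-removable-media", T0),
        Alert("A-3", "audit-settings-changed", at(48), acknowledged_at=at(50), closed_at=at(51)),
    ]


if __name__ == "__main__":
    alerts = build_sample_alerts()
    for hours in (5, 30, 80):
        print(f"t+{hours}h:", run_escalation(alerts, at(hours)))
    print(metrics(alerts))
```

Running `run_escalation` on a schedule (hourly, say) is what turns the red flags into the escalation process the article asks for: the ignored alert A-2 reaches the analyst, then the manager, then the CISO without anyone having to remember it, and the `escalated_to_top` and `unacknowledged` counts in the metrics are what make the lack of action visible to top management.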