PRWeek: According to Promisec's recent survey, there's been a dramatic increase in internal network security threats, such as unauthorized personal storage and unauthorized peer-to-peer (P2P) applications, in the past year. To what do you attribute this increase?
Alan Komet: Users are becoming more savvy as to what they want on their work PCs. Therefore, they are beginning to install P2P applications at will unless the IT managers intervene.
Storage has become more mobile via USB sticks that allow easy transport of presentations or other material. Staff members are using their own inexpensive external hard drives to back up personal information as well as data used for work, which can spread viruses throughout the network, or lead to either inadvertent or malicious copying and leaking of private corporate data.
PRWeek: What are your suggestions for organizations that want to decrease the number of internal threats?
Komet: We recommend to organizations that they implement a comprehensive endpoint security strategy. Employee education and the ability to have visibility of all endpoints are critical.
To prevent data theft, the first thing you need to do is make sure people only have access to what they need to have access to. Training staff to understand the importance of data security and having someone in charge of monitoring this can go a long way toward protecting you from data theft.
A comprehensive antivirus strategy needs to be up and it needs to be updated. Just installing it on your desktops and betting on your users' goodwill won't work. Make sure the antivirus is centrally managed and updated so it can't be disabled individually.
It used to be enough to just check the firewall log and have some bandwidth control device in place, but P2P applications are becoming smarter and most of them use common protocols now. To prevent employees from installing P2P applications, start by explaining to people the potential risk these applications pose. Then make sure employees only have the permissions they need for their desktops/laptops. There are tools in the market which help you monitor which applications are installed, remove unwanted applications, and prevent them from being installed in the future. Find one of these that fits your budget.
PRWeek: Why is network security of particular importance to the PR and communications industry?
Komet: Communications strategies and campaigns have two major aspects to them - timing and privacy. In the specific industry sense (not unlike law firms, for example) you would not want data about a client's campaign or the timing of launches to be breached. For all industries, many of the same network security standards apply, such as maintaining up-to-date Windows registry, up-to-date antivirus programs, and prohibiting unwanted software.