Seven Deadly Sins - Security Rules Employees Love to Break

The Security Seven Deadly Sins

I came across an article highlighting 7 key security violations found in most organizations:

  1. Copying confidential information onto a USB memory stick
  2. Accessing web-based e-mail accounts from a workplace computer
  3. Losing a portable data-bearing device
  4. Downloading personal software onto a company computer
  5. Sending workplace documents as an attachment in e-mail
  6. Disabling security and firewall settings
  7. Sharing passwords with co-workers

There are numerous applications and solutions in the marketplace today for combating many of these “sins.” Judging by the number of employees who admit to violating these rules, it’s clear that many organizations are at risk. When developing or updating a security plan, organizations should keep these violations in mind.

Here are some ideas to help get your organization going:

  1. Disable access to USB ports.
  2. Filter and monitor access to web-based email, anonymizers, and proxy avoidance sites.
  3. Encrypt all data on portable devices. If it can’t be encrypted, consider using another device.
  4. Disable the ability to install or run software outside of the corporate image.
  5. Filter outbound emails for attachments, and ensure attachments are encrypted.
  6. Remove the option to disable security and firewall settings.
  7. Use biometrics and two-factor authentication. A password is something you know, but when you add a requirement for something you have (a token or SecurID) or something you are (biometrics) to the authentication process, it’s significantly harder to violate this rule.

Read the full article here:
http://www2.csoonline.com/blog_view.html?CID=33355
