Upper Management, a weak link for data security?

By Mr. Zarir. M. Karbhari - Founder & CEO of CopyNotify!

Onsite visits are fruitful: you see your data security software product in action and get crucial feedback from the network administrators on what they would like to see added to the security software in its next release.

Invariably during these visits the conversation leads to applied security policies and restrictions for data access and for network resource and device usage. It is during these discussions that a common yet frightening security hole gets exposed every single time: the 'Roadblock in applying planned Data Security Policies to Upper Management'!

Let me give you an example of how a data security vulnerability gets created due to 'Upper Management'.

Assume there is a security policy in place that insists that only company-authorized USB flash drives and devices should be allowed on the network, while the rest should be banned using USB blocking software on all PCs in the office. Now enters a director / manager from upper management who 'pulls rank' on the network administrator and ensures that the security policy is not applied to his laptop/desk, so that he can continue to use USB flash drives and devices, authorized or not, on his computer as and when he chooses.

By not adhering to this security policy, this individual has jeopardized the network and its data: using unauthorized / unsanitized USB devices opens up the Pandora's box of virus, malware and trojan introduction into the office network, making it vulnerable to data loss and hacker attacks.

Perhaps it hurts his ego to have a security policy applied to him, perhaps he feels he does not have the time for this 'authorization process', or perhaps he has some 'devious' data theft plans. The point is that he uses his 'senior' position in 'upper management' to ensure he is 'unofficially' exempted from the security policy.

Another point is that this 'upper management' dude could himself be the source of data theft, since he has now exempted himself from the security policy concerning office data being transferred to USB devices / drives.

The 'one rule applies to all' principle should be adhered to if you want your security policy to be effective and robust. A junior-level network administrator should not be put in a position where he makes ad-hoc exceptions to security policies or restrictions just because a senior-grade employee demands it. A security hole gets created and the company suffers sooner or later.

Data Loss Prevention in an office starts with having effective and practical security policies, but these policies need to be applied throughout the organization without exceptions. All personnel, whether at senior or junior levels, need to be educated and updated about these security policies, and the message about the importance of the security of company data should be loud and clear at all times.

