Many causes of information security problems exist, including those described below.
To protect a business's intellectual property from such threats, Hitachi believes in the importance of implementing a client PC security solution based on four perspectives: "Don't allow connection", "Don't allow use", "Don't allow removal", and "Don't overlook".
Prevent connections from unauthorized computers. - Don't allow connection
When employees bring their own unauthorized computers into the workplace and connect to the in-house network, the company-internal sales information they access might be copied to their computers, brought outside the company, and inadvertently leaked. Additionally, we've all heard of cases in which employees return from an extended business trip, connect their laptop computers back into the company LAN, and end up being infected with a computer virus when they open an email. The majority of such problems are caused by old anti-virus software pattern files or neglecting to update security patches.
Preventing such problems requires keeping unauthorized or vulnerable PCs from connecting to the in-house network.
Prevent the use of prohibited software. - Don't allow use
Sometimes software comes with unseen security vulnerabilities, such as those that computer viruses exploit. It is therefore important to be very discriminating about which software can be used within the enterprise, and to be vigilant about maintenance and usage. Continued use of various kinds of unreviewed software increases the risk of system corruption and the leakage of sensitive information. Even when rules are in place to prohibit the use of some software within the company, users uninterested in or unaware of the risks involved can end up installing such software without the knowledge of administrators. Therefore, it is necessary to set up an environment where software unnecessary for operations is prevented from being used.
Prevent the copying of sensitive information without permission. - Don't allow removal
We've all heard of cases in which employees copy business data onto USB memory to take their work home, and in which company-internal sales information copied to USB memory has been lost. The leakage of confidential information and customer information can result in the loss of profits and client trust, causing long-term viability problems. Additionally, information can be copied not only to USB memory and other electronic media, but also to printouts and other paper media. When data is of such importance, why allow it to be easily printed out and then handle the printed data carelessly? To prevent information from being leaked outside the company in such ways, it is important to control the ability to remove the information so that administrators inhibit the copying of data onto removable media (e.g. CD, USB memory), and the output of data on printers without permission.
Find suspicious activities. - Don't overlook
Sales information and customer information must be handled with extreme care. However, when employees carelessly copy important files from the file server to their own computer for reference, even without any intention of leaking information, the information can inadvertently be leaked outside the company. Additionally, when employees abuse computers for their own personal use, they can cause security problems. User operations for PCs and files must be logged so that, if a security problem occurs, the copying of customer information, transmission of email, and other illegal computer operations likely to have caused information to leak can be investigated, and so that the file operation history can be examined to understand the flow of important information. Understanding who has been doing what on a client computer is of critical importance for proving that the computing environment within an enterprise is properly managed and for quickly determining the causes and effects of leaked information.
Overlooking security measures for even one computer can invite significant damage. For this reason, the possibility of information security problems is frightening. To ensure that a client PC security solution is implemented on all client computers, you must improve the ethics of your employees and use the appropriate tools. Next time, we'll explain how to use JP1 to implement a client PC security solution. See you then!
