Stay on top of trends
One key to dealing with all of these developments is for CIOs and their security teams to commit to an ongoing learning process focused on new tools and technologies and the novel ways they will affect corporate security. Companies tend to overreact with draconian security measures when a trend takes them by surprise. "There's a line of sensibility here," says Mellinger. "The object is to stay ahead of the people who aren't doing anything [malicious], who just have no security awareness at all. As long as I can stay ahead of that crowd, I'm in good shape."
SIDEBAR: Security Measures for Camera Phones
- Educate and remind employees about your company's policy on cameras and other audiovisual equipment. Enlist their help to report violations.
- Consider mobile detection technology for particularly sensitive areas such as executive suites or areas with ready access to intellectual property.
- Ensure that your camera policy protects employee privacy as well as corporate assets.
- Work with corporate procurement to ensure that employees who should not have camera phones are not buying or being provided with those devices.
SIDEBAR: Security Measures for Mini-Storage Devices
- For employees who need a USB drive, look into drives with built-in encryption.
- Disable USB ports and take administrative privileges away from the user.
- Make acceptable-use policies general enough to include emerging technologies. They should focus on the unacceptable behaviours rather than the kind of device that is used.
- Ensure that your security team members track new portable storage devices so that they can recognize unapproved devices.
- Educate employees about what devices are forbidden and why.
SIDEBAR: Security Measures for Wireless
- In the workplace, take steps to securely authenticate users and control network access.
- If you don't want wireless used at the office, keep sniffing for wireless activity, don't buy laptops with Wi-Fi and educate workers about the hazards of unsecured wireless.
- Educate employees who use wireless about scams like evil-twin networks.
- Build security policies around how and when users can access wireless networks.
- Use the best encryption standards available.
- Equip mobile devices with a software-based firewall and isolate connecting devices on the corporate network.
SIDEBAR: Security Measures for Peer-to-Peer and Web-Based Services
- Look into tools such as proxy servers that allow the security team to block access to undesirable services.
- Explain why some tools are dangerous, and look for ways to provide the same service securely.
- Design your security knowing that some of these programs will slip through your defences.