How do you feel about the security policies being implemented by your company? Do you think you’re secure even from the visitors that drop by? Maybe the old adage about an ounce of prevention still serves us well in these days.
I once visited a company that had what I thought was a strange security precaution at the door. At first I wondered why they didn’t allow CDs, mp3 players, and other portable devices, but then it made perfect sense when I was ushered into a section with open computers and left to my own devices. Had I come in with any sort of malicious intent I could get files off the computer.
Though the term podslurping has gotten attention because of the i-pod’s popularity as the mp3 player of choice by employees, any form of removable media device can be used. Cameras, thumb drives, and mp3 players can be used to get the data without being caught. This is actually quite easy nowadays because of the plug and play feature of most operating systems. There are already programs designed to search a network and find critical data. Simply insert the device of choice to an empty USB drive, and from there anyone can download possibly highly-sensitive data. That’s why some companies limit the use of those items at work, but it’s not the best solution. There are policies that don’t have to limit the employees’ and visitors’ use of mp3 players and cameras. One is to not allow storage devices to be mounted on any computers in the system. Another would be to use encryption on files and restrict access to confidential data.