Tuesday, July 18, 2006
Yet another warning about USB drives
Carole Longendyke, a partner in a computer forensics firm and a better salesperson than I am, told the World Conference on Disaster Management that employees downloading confidential information to USB drives are a serious threat.
The flip response is that if you have untrustworthy employees on the inside, nothing you do matters anyway. That's not the answer it used to be. Your employees may think of themselves as employees of the temp firm or of the firm they're interviewing with because they know layoffs are coming.
Ms. Longendyke recommends telling your employees what you expect of them when they handle confidential information. She also recommmends starting an investigation at the first sign of trouble. Think twice about that one. Doing those investigations so the result can hold up in court requires that the investigators work carefully and methodically. They are highly skilled people. You'll be paying highly skilled people by the hour to work slowly and carefully. That's not expensive, that's %$#@! expensive.
Lots of places are happy to sell you tools for spying on your employees. Here are some wise comments about that from Bell Canada chief strategist Mike Gurski:
None of them hit the most important point. Don't be like the man who prompted Frederick the Great to say "In trying to defend everything he defended nothing". Decide what fraction of you corporate information is really confidential. Then limit access to it to people who have a business reason.
|
The flip response is that if you have untrustworthy employees on the inside, nothing you do matters anyway. That's not the answer it used to be. Your employees may think of themselves as employees of the temp firm or of the firm they're interviewing with because they know layoffs are coming.
Ms. Longendyke recommends telling your employees what you expect of them when they handle confidential information. She also recommmends starting an investigation at the first sign of trouble. Think twice about that one. Doing those investigations so the result can hold up in court requires that the investigators work carefully and methodically. They are highly skilled people. You'll be paying highly skilled people by the hour to work slowly and carefully. That's not expensive, that's %$#@! expensive.
Lots of places are happy to sell you tools for spying on your employees. Here are some wise comments about that from Bell Canada chief strategist Mike Gurski:
Gurski also said care must be taken to make sure "policies and practices do not intrude on worker privacy."Exactly right. Wreck morale and you can create just the kind of problem you were trying to avoid.
Employees, he said, should be educated about these policies and a mechanism for them to ask questions and get answers should be created to keep the communication lines open.
Gurski also advised companies to consult with their unions and keep tabs of "best practices" being adopted by other firms in similar industries.
Above all he said the policies should not be used to target low productivity or performance, organizations or "subsets" within the company. "The last thing you want is to develop draconian policies that sap morale."
None of them hit the most important point. Don't be like the man who prompted Frederick the Great to say "In trying to defend everything he defended nothing". Decide what fraction of you corporate information is really confidential. Then limit access to it to people who have a business reason.
# posted by Frederick @ 5:38 PM Email to a friend:
Haloscan: they provide trackback