Security professionals should practice what they preach, and many don't when it comes to privacy.
Calling privacy "a neglected area" in information security, expert Sarah Gordon said security professionals need to set an example by taking advantage of technical and policy solutions that can help mitigate risks to corporations.
In analyzing a recent survey conducted by her company, Gordon, a Symantec senior research fellow, found that a surprisingly large number of security practitioners fail to encrypt sensitive materials.
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
 |
||||
|
|
|||
|
||||
The majority of the 154 surveyed in the United States, United Kingdom and European Union failed to encrypt data on the hard disk (85%); don't encrypt all e-mail messages (98%); and don't even encrypt sensitive e-mail messages (62%).
Gordon noted that failure to take steps to protect this information could easily cost companies money through the loss of intellectual property, particularly when e-mail and attachments pass through many points with potential eavesdropping prior to reaching their destination. Other consequences could be the loss of time, work and credibility.
Gordon's advice to enterprises is standard. Encrypt this information to protect it in transit from prying eyes, and from theft by Trojans and malicious code on the hard drive.