Privacy: Security pros should practice what they preach |
 |
By Shawna McAlearney, News Editor
16 Aug 2004 | SearchSecurity.com |
|
|
Security professionals should practice what they preach, and many don't when it comes to privacy.
Calling privacy "a neglected area" in information security, expert Sarah Gordon said security
professionals need to set an example by taking advantage of technical and policy solutions that
can help mitigate risks to corporations.
In analyzing a recent survey conducted by her company, Gordon, a Symantec senior research fellow,
found that a surprisingly large number of security practitioners fail to encrypt sensitive
materials.
|
| A primer on encryption |
| This tip is excerpted from the Microsoft 2000 Security Handbook by Jeff Schmidt and Dave Bixler, published by Que. |
|
|
|
|
The majority of the 154 surveyed in the United States, United Kingdom and European Union failed
to encrypt data on the hard disk (85%); don't encrypt all e-mail messages (98%); and don't even
encrypt sensitive e-mail messages (62%).
Gordon noted that failure to take steps to protect this information could easily cost companies
money through the loss of intellectual property, particularly when e-mail and attachments pass
through many points with potential eavesdropping prior to reaching their destination. Other
consequences could be the loss of time, work and credibility.
Gordon's advice to enterprises is standard. Encrypt this information to protect it in transit
from prying eyes, and from theft by Trojans and malicious code on the hard drive.
|
