General

Understanding Security Issues

As a client servicing executive I spend a good amount of my time understanding client briefs. Earlier this morning at the end of one such meeting we decided to take the PowerPoint presentation back to our office for further review. Since I was armed with my USB pen drive, that seemed the most obvious way to have the 2MB file moved in a jiffy.

It was only when we tried to plug the pen drive did the client realize that as a corporate policy all laptops had their USB ports blocked, floppy-drives and CD-writers removed. At first seemed like an obvious way to prevent data leaks from the organization. However that myth was soon broken when the client with great ease logged into one of the many free mail accounts and uploaded the file to reach my Inbox.

On my way back, I kept thinking why disable all removable data devices of a laptop which can easily log into the many systems online and transfer files smoothly. Didn’t make much sense to me since they could easily e-mail the same out through their corporate e-mail systems also. Of course they have a 750KB cap so not much could move out. But enough to get out an important document or a VIRUS – but then their e-mail virus programs are pretty powerful enough.

A friend of mine worked with another corporate firm where they disabled all logins on web-based forms besides having the usual USB ports and other devices disabled. That made sense since the corporate e-mail was the only way to transmit files out of the system – which again didn’t support many of the popular file types like “zip & exe”. Not security at the best but I guess a good step towards it.

The disabled USB ports at my client keep me wondering, yet. Sujeet, my friend could share some expertise.

Advertisements