Where employees are provided with smart phones, PDAs or laptops, they should be required to authenticate themselves each time they log on, either through a token-based or smart card solution. During 2007, laptop and smart phone losses contributed to a record 37 million* items of personal data being lost by UK public and private sector organisations. Although its believed that most of this loss was accidental, the use of strong authentication tools will considerably reduce the likelihood and negative impact of such data losses in the future. In the context of the enterprise, the point at which they leave the company will see them surrender the authentication hardware, rendering the user incapable of connecting to the corporate network.
Furthermore, it is highly advisable that measures are taken to prevent employees from attaching their own hardware to the network or local device without gaining clearance from the IT department first. This will minimise the opportunities for them to transfer sensitive data or bypass the security measures of the corporate infrastructure.
Buildings: Physical access controls can be flouted intentionally and unwittingly by former colleagues if they hold the door open to someone who has already handed back their keys or swipe card. More dangerous still is the practice of allowing visitors to access the premises without the appropriate supervision. Its imperative that staff are made aware of the risks that this can pose to the business and clearly worded guidelines should be issued as part of the induction process.
For many enterprises, the key has now been replaced by a smart card as the main point of access to buildings and a growing number are exploiting the functionality of smart cards to control systems access too. Not only is this enabling them to consolidate controls onto one card, it also means they can centrally control all access rights of staff.
*According to figures released by the Liberal Democrats in January 2008
Marc Hudavert is vice-president & general manager at ActivIdentity.
Sign up for Computerworld eNewsletters.