It's been quite some time since I last blogged on SAP, partly due to my professional obligations, which did not let me allocate the necessary time to write a blog post.
Information security is something that I have felt quite strongly about in most of the organizations that I have come across. The security system is strong, there is sufficient manpower to protect the systems, but still there are lapses. What causes these lapses? Most of the time, the security lapses do not come from the usual sources that the organization comprehends. They come from the most unlikely of sources.
An organization which is paranoid about information security usually goes overboard with security cameras, physical access restrictions, complex password criteria and a lot of other monitoring places.
The few places where I have found that security is most likely to lapse are:
Users share their data with someone else who is required to work on the same data, but then forget to turn off the share. The data remains shared forever, until the data itself is deleted or moved. Users should be educated to disable shares once they are done with them. Another option could be to allow only read-only access, as and when required.
The single most powerful network tool is also the best way for data to leak out of an organization. The data leaks out through web-based mail services and online file storage services.
Users sharing a computer
This is relevant in all those cases where more than one person shares a single PC. Sure, each individual gets access to the system only by using his authorised user name and secure password, which creates a separate Documents & Settings folder for his user ID. But what happens to the files on the other drives, and in other folders on the primary drive, which can be accessed by all users of the computer?
This is not too much of a risk, since in most cases the system updates itself. But where manual intervention is involved and the user has to update the definitions, there is always scope for procrastination and, as a result, outdated antivirus updates.
Most computers do not have a data shredder, and users tend to use the ordinary recycle bin instead. This is not ideal for highly confidential documents.
This is an ever-present evil among all types of users, corporate or home. Passwords which have characters like abc, 123, names etc. are used even as administrative passwords in many cases. Reusing passwords and sharing passwords only makes the security hole larger.