Unsecured Sensitive Data Discovered On 36% Of Enterprise Computers

By Author: Colm Doherty
Total Articles: 93
Comment this article

A specialist risk-mitigation software vendor has seen a rise in the levels of risk it discovers when scanning computer networks in the enterprise & public sector for unsecured sensitive data and inappropriate images.

We had expected to find an improved compliance culture, given the reputational & financial damage organisations face from any incident of data leakage or pornography in the workplace said the CEO Colm Doherty, but the human factor remains as an issue

The company's software was used to scan PCs, fileshares and e-mail accounts in more than 150 organisations. Despite a rise in regulatory compliance imperatives and investments made in network gateway controls, the company discovered disturbing levels of personal & sensitive data, leaving organisations open to potential ID fraud and intellectual property theft.

We found suspected sensitive data on 46% of PCs, in 32% of e-mail accounts and 30% of server shares says Andy Churley, Chief Marketing Officer, adding We were concerned at the volume and nature of the material we found, including full credit card details, National Insurance & ...
... pension details and network logins & passwords. In most of the organisations scanned, we found more than enough material to perpetrate ID fraud and the constitute a significant loss of critical data such as financial information and intellectual property

During the past year, they also saw a rise in the volumes of Inappropriate Images both stored & circulated within the enterprise and beyond it to external parties. Pornographic or inappropriate material was found on 28.5% of PCs in 2007, up from 25% in 2006 and in 14.4% of e-mail accounts, up from 12.4% in 2006.

What's interesting is that this issue persists, regardless of the significant investments made in content filtering and gateway controls in recent years, says Churley, adding it just reinforces the need to know what is actually on your network, by conducting regular risk audits

Audit figures point to high level of inappropriate and illegal images on corporate and pubic sector networks.

With a third of all images found created in the last 12 months it is clear that employees continue to ignore corporate policies and in some cases are going to extraordinary lengths to bypass protection systems to obtain and distribute inappropriate material. Boundary protection systems alone will not stop digital pornography from entering an organisation.

The only effective way to detect, manage and eliminate inappropriate images is by using powerful network audit or real-time monitoring solutions such as our Auditor and Monitor, says Kieran Caulfield, the sales director. With increasing demand, we now need new channel partners that can deliver our products and image audit services. These may range from traditional security resellers and managed service providers to companies offering audit, forensic and risk assessment services, says Caulfield.

The company offers an ideal way to add value to existing products and services with recurring revenue streams and a strong licensing program and partner support and reward structure. Using a high-speed image analysis engine, the new Auditor 3.4 rapidly identifies digital pornography in over 150 different file types on all corporate IT resources such as PCs, file servers and email servers.

The company offers a Discovery Audit to companies covering a subset of desktops, servers and email files, to assess the level of illicit image content on the network. Along with this, they provide a report that assesses the overall risk and severity of inappropriate images based on the material found in the audit.

Our audits show that the reality is that all establishments have a lot of digital pornography residing on their networks that they don't know about, says Caulfield. In most cases when companies see the results of an audit they will work with a partner to audit their complete networks.