Raymond James Financial, BCD Travel, Houston Texans and Others: Worrying about W
Question
Raymond James Financial, BCD Travel, Houston Texans and Others: Worrying about What Goes Out, Not What Comes In REAL WORLD r's not what's coming into the corporate network that con cerns Gene Fredriksen; it's what's going out. For the chief ecurity officer at securities brokerage Raymond James asemail and IM, to identify sensitive information. They re in St. Petersburg, Florida, leakage of sensitive based on some of the same customer data or proprietary information is the new The problem isnt jast content within e-mail mesages, but priorityhing and contetiual teat scarch-that help anivinu mtoos Mack incoming chreats i P transfers, Web mail, and message boards. It's not and credit cand numbers, as well as tomplates for monitor e-mail, Fredriksen says. "We have topeivate evolve and change at the same pace as the business," he es- plains. "Things are coming much faster. proct esing resul So Fredriksen is rolling out a network-based outbound content monitoring and control system. The software, from using these tools, motes Paul Kocher, president of the Cryp- higphy Researchonubncy. The first. and-·type is Francisco-based Vontu Inc, sits on the network and personally idenoifiable information monitors traffic in much the same way that a network-based numbers intrusion-detection system would. Rather than focusing on confidential and credit card information. The second type is inbound traffic, however, Vontu monitors the networktations pegroll information, legal files, or supplier contract this information is harder to identify, most tools ity that originates from Raymond James's 16,000 users. It cxamines the contents of each network packet in real time and issues alerts when policy violations are found when can patterns of language and given enough samples, Kocher notes. The third of comp res urces, swh as potentially etwork-based systems do more than just rule-based scanning for Social Security numbers and other easily identolimve communao ns inv ling race able content. 
They typically analyze sensitive documents and content types and generate a unique fingerprint for each ministrators then establish policies that relate to that contenteven legitimate users were putting the dat The traditional security methods may restrict sensitive Ad data to legitimate users, but Flymn and Ignatiev found that f com- and the system uses linguistic analysis to identify sensitive data panies, at risk At BCD Travel, a corporate travel service, and enforce those policies as information movs across the ncarly s0 percent of is 10,000 employees work in call cent- in formation, BCD and the Texans did not find malicious activity, instead, they found people who were unaware of se- When BCD Travel began to investigate what it would curity risks, sach as sending a customer's credit cand mamber take to get Payment Card Industry (PCD) certification for by e-mail to book a Blight or room from a vendor that didnt detect both complete docu ments and "derivative documents," such as an IM eaxchange which a user has pasted a document fraginent have an online reservations system handling customer credit card data, Brian Flynn, senior vice president of technology, realized that he didat really know Fidelity Bancshares Inc. in West Palm Beach, Flonda, is hoy his employees were handling such information Not using the message-blocking feature in PortAuthority from could PCI certification be denied, but the travel agen- Pututhority Technol pes Inc. in Palo Alto, Californ" y's reputation and business could also be harmed. 
At the Outhound e-mail messages that contain Social Security financial data are intercepted and returned to the user, along Natbonal Football League's Houston Texans, IT Director Igatie came to the same realization as he investigated umbens, account numbens, loan number, or other peomal with instructions on how to send the e-mail securely In both cases, vendors they'd been working with sug Joe Conmier, vice president of network services, says he also uses PortAuthority to catch careless replies Customers leaving ht or proprictary information that might be ofesd in qoestions and include their account informa or other tion. "The customer service rep would reply back without any via e-mail, instant messaging, Fime started to use Reconnex's iGuard network modifying the emal be says The challenge with any system like this is they're only lance, with vavid results. "It was a shack to see what was oing out, and that mat procedures you have on the back caL"mos Frolisen. Another key to means clo caons "We are making sure that the wsers understand why gave us the insight to take action," he a valuable as the Syltemh PacketSure appliance, he too realized dat his nages needed to do a better job protecting critical data her Ignatiev examined his message flow usang Pal- aung-abuut mmangwawal "Big Brother" catomer credit cards, scouting reports, and team we-systums like this aa/ what they're being used
Explanation / Answer
Case Study Questions:
Answer 1:
The employees in the organization do not find themselves in danger of loosely managing proprietary sensitive information, as they are not fully educated about the risks of such cases. In some cases, these are call center employees who respond to emails with trailing mails containing customers' account details. It's not deliberate but a part of the routine and a lack of full awareness of the consequences which an individual or organization could face due to data theft, hacking, or misuse of customer data.
Yes, I would have thought of carefully reading emails and trailing mails before sharing details with a third party. Competitor data piracy and corporate hacking are predominantly prevailing. Also, some private robbers are tech-savvy and always on the lookout to get bank/account details of individuals, corporates, etc., to hack accounts and transfer funds in a crooked manner.
Answer 2:
The corporate can develop a fine balance between monitoring employees and invading their privacy in the following ways:
1. Explaining the sensitivity of the job to the employees and making them understand the need for this measure.
2. Train them on the sensitivity of having these norms and filters in place. Most large corporates have IT security at high levels, and the amount of data which can be sent in attachments is also restricted as per position and job profile.
Most corporates have to achieve this balance to keep clients and employees in good books at the same time. A satisfied employee makes many satisfied customers. The job levels and responsibilities will dictate the filters on data at each level.
Being too biased in favor of stringent rules and filters would hamper work in some cases, and too many rules and permissions for sending or handling data would create bureaucracy and delay the business needs. This has to be carefully addressed considering the organization set-up, customer needs, and data protection. Too much leniency in data filters can allow easy theft and access by competitors and hackers, leading to misuse of information. In case of one such incident, the organization could lose its credibility in the market. Hence it could lose its name and future business; in some cases, the business is over.
3. The IT executives note that outbound monitoring and managing technologies are part of the overall strategy and should be part of larger policies. The employees, new or old, should know that the data of the customer is strictly and very confidential. The rules are in place to ensure customer protection from the entire market, not to suspect employees.
Other strategies: Educating and training employees on the reasons for such strategies is the only way to ensure sufficient care in outbound data monitoring. There should be continuous meetings and training of the team to ensure compliance. Reduce easy access to critical data and create levels of data intervention where required. Inculcate a quality of loyalty towards customer data.
A good balance should be there between human and technological needs. In some cases technology can be bypassed by hackers, and in some cases human error can create an issue, so there has to be a fine balance between the two to achieve excellent data monitoring strategies.