Enclave Security "A Leader in Data Protection Services"

• Home
• Auditing
• Services
• Blogs
• Resources
• About Us

Subscribe to This Feed

Recent Posts

• IT Security Highlights March 11 2010
• IT Security Highlights March 10 2010
• IT Security Highlights March 9 2010
• IT Security Highlights March 8 2010
• IT Security Highlights March 5 2010

Categories

• 20 Critical Controls
• 44th Presidency Cybersecurity efforts
• Acceptable Use
• Advanced Persistent Threat
• Assurance
• Audit
• Background Checks
• Checklists
• CISA
• Crime
• Cyber Warfare
• Cybercrime
• Data Leakage Protection (DLP)
• Data Theft
• DHS Infrastructure Reports
• Encryption
• Free Audit Checklists
• George Orwell’s Big Brother
• Green IT
• Health Information Technology
• HIPAA
• Information Security Awareness
• IPv6
• Kelli Tarala
• Legal & Privacy
• Malware
• Medical Identity Theft
• Microsoft Windows
• Policy
• Progressive Reforms
• Remote Code Execution
• Risk
• SANS Institute
• Secure Development Lifecycle (SDL)
• Sexting
• Sharpen the Saw
• Situational Awareness
• Social Contract
• Social Engineering
• Social Networking
• Tools
• Training
• Web 2.0
• Wireless
• Writing Secure Code

Attend an Event

Enclave on Twitter

« Free CISA Exam Prep Resources for the Upcoming Exam | Main | Free Resource Kit e-Book from Microsoft »

Paper-based Data Leakage Still a Concern

By Kelli Tarala | June 15, 2009

There is an intriguing article in the Saturday Washington Post about the lawsuit involving Hilton Hotels and Starwood Hotels regarding boutique hotel branding. In a suit filed in federal court in New York on April 16th, Starwood’s suit alleges that Hilton stole more than 100,000 electronic and hard copy files containing trade secrets to help it expand its luxury hotel offerings. “The large volume of confidential information taken is extraordinary,” the filing says.

This past week, as it was moving from Beverley Hills to Tyson’s Corner, Hilton Hotels decided to send boxes and boxes of Starwood documents back to the company “in an abundance of caution.” Lawyers from Hilton wrote a letter saying they found the material in the homes and offices of prominent employees recruited from Starwood. The sheer volume of paper recovered is an interesting observation in light of the availability of jump drives and CD burners.  While we spend a lot time worrying electronic files and removable media, paper is still one of the easiest ways to remove confidential information from an organization.

Some things to consider when you are writing or auditing information security policies  regarding employee access and Intellectual Property (IP).

• Are employees required to sign a Non Disclosure Agreement (NDA) prohibiting them from passing on company IP either during or after employment?
• Does your organization have a clean desk policy? That means employees are required to remove files and paperwork from their desk, and secure items before they leave for the night.
• Do your awareness programs discuss leaving sensitive material in cubes and on desktops? How many employee telephone directories have been stolen from the receptionist by social engineering tactics?
• Are employees required to shred company documents and dispose of them in locked recycled bins?
• Does your organization discourage employees printing documents through copy machine charges and ‘green initiatives’?
• Create an audit trail which tracks and documents access to and movement of confidential data and critical IP so that any possible leaks can be investigated. Pay careful attention to this audit trail once an employee indicates that they may be leaving the company. Reduce that employee’s access to sensitive data as well as review his or her activities during the period before the departure.

Paper-based data leakage is still a big concern for companies and making sure that your organization addressing paper documents will help protect your organization’s  vital assets.

Topics: Acceptable Use, Audit, Data Leakage Protection (DLP) |

Comments are closed.