Employees at GCHQ and other sensitive parts of the Government have been told to strip employees of company smart phones and memory sticks to protect them from cyber attacks.
According to the Telegraph, advice warns firms that staff are the “weakest link in the security chain” and protective action must be taken. Companies have been told staff should only use trusted WiFi networks and constantly update internet browsers.
The warnings were contained in ‘10 Steps to Cyber Security’ guidance issued by CESG in conjunction with the Cabinet Office, Business Department and Centre for the Protection of National Infrastructure. The advice recommends businesses monitor all user activity, and tells companies that they should be watching over the internet behaviour of employees at all times so they can always “identify” the staff member.
Specific measures are also mentioned, including possibly stripping staff of company phones and removable media, which could include MP3 players and smartphones.
Phil Beckett, partner at Proven Legal Technologies, said: “It is crucial that companies tighten up their data security across the board, leaving no area of the business vulnerable to data loss.
“The proliferation of Bring Your Own Device (BYOD) policies has resulted in potential risks to all businesses, as the segregation between business and personal data becomes more and more hazy. As such, by inviting personal devices into the office – and then allowing them to leave again, often containing confidential information – firms may actually be compromising their intellectual property as well as their security.
“It’s worth noting that this problem extends beyond smartphones to computers and other removable devices, as well. Data can be very promiscuous, in that it tends to associate itself with different devices in different formats. In order to protect IP and minimise fraud, businesses will need to implement rigorous policies on BYOD and managing corporate data, and carefully monitor all company devices and staff access to confidential information. Likewise, when a team member decides to move on, businesses must ensure that it is only the employee leaving, and that no private data is following in his or her wake.”
