Identity theft – a corporate problemCountless news stories, from TJ Maxx losing details of around 90 million customers over a two-year period35, and the November 2007 debacle of the UK’s HMRC (Her Majesty’s Revenue and Customs) losing sensitive data about 25 million families in Britain36, indicate that even large organizations are at risk.
In August 2007 it was revealed that employment search website Monster.com had lost personal information about more than 1 million people37. Attackers used the usernames and passwords of professional recruiters to access Monster.com’s resumé database, and then spammed out phishing emails and malware to innocent job searchers.
Payment card industry compliance
In response to serious data breaches, the payment card industry security standards council (PCI DSS) was formed and has since put in place 12 requirements with which organizations that deal with credit and debit card transactions must be compliant.
It has been reported that only one third of retailers are PCI compliant.
The cost of a data breach, both in resource and software terms, can be huge, and many companies without a detailed security strategy and the right information may be paying a premium to secure their networks. By properly securing and controlling their computers and the access to its network, an organization can significantly reduce the chances of a security breach happening. In addition, regulations that deal with the human aspect of mishandling data – accidental or otherwise – must be put in place to combat lax security.
NAC – helping enforce compliance
Leading security analysts such as Gartner and IDC agree that companies need to start their investigations now into network access control solutions and how they can integrate into the security framework. Integration of security point-solutions at the heart of the organization - the desktop and file server - is the recommended route forward, simplifying the management for administrators while using less resource on the network.
What does NAC do?
NAC (network access control) helps reduce the risk of compromising your network security.
- Works alongside anti-malware and firewall products and meet the following criteria:
- Stops unauthorized, guest or non-compliant systems accessing your network
- Ensures all computers conform to a defined security policy
- Is simple to deploy and easy to use
- Allows easy identification and isolation of unmanaged computers.
Sophos.com
No comments:
Post a Comment