Most companies still rely on employees following rules and procedures in order to keep their sensitive data secure. Rules such as "don't write your password down" or "don’t take your company laptop home" are the weak link in data security. If IT security is deployed and procedures are specified but users don't comply, is the company really protected at all? Most companies believe they can control user behavior with reasonable security policy. But they can't. Employees cut corners, "cheat" the rules, or are just plain lazy. They put passwords in their briefcases, take company laptops home, leave notebooks in rental cars, download files to their laptops that they're not supposed to. Not providing for a fix in such situations is tantamount to giving employees a vote in whether a security set-up will work - and the employees shouldn't have a vote, should they?
Fail-safe, technology-driven controls such as triggered data destruction are essential for real IT security, a
More...