[June 20, 2011] Employees remain weak link with Internet security [St. Louis Post-Dispatch] Tweet (St. Louis Post-Dispatch (MO) Via Acquire Media NewsEdge) June 20--As companies like Sony and Citibank identify the causes of recent security breaches and try to remedy network weaknesses, area businesses are well aware of potential threats. Yet, improving security is more than beefing up firewalls or installing better encryption technology. The weakest link remains the individual employee, who may be using less secure email services or carelessly leaves sensitive data unsecured, analysts say. Boeing experienced this first-hand when, in 2006, an employee's unattended laptop was stolen. Though password-protected, the laptop contained Social Security numbers, home addresses and other personal information on 382,000 workers and retirees. The theft spurred the Chicago-based aircraft maker to implement better plans to safeguard such data. Diane McClain, operations manager of the cyber security division at the Newberry Group, stressed the importance of employee training to ensure that information can be seen by only those who need to see it, protecting it from "the bad guys." Newberry Group, which began with contracts to the federal government to staff data centers, expanded from information technology to cyber security in 2005. This element of its business has been growing ever since. The company, based in St. Charles, now investigates breaches, examining hacks with digital forensics and turning evidence over to law enforcement. McClain's focus has remained consulting with companies to find and repair holes in their networks. She said it was balancing security measures with availability -- the ease of access by authorized users -- that presents the most difficulty because it introduces a human element to the equation. David Maestus, chief technology officer at TechGuard, echoed her remarks. TechGuard, a 10-year-old computer security company that employs about 70 people in St. Louis and Baltimore, consults for businesses. Maestus said problems arose when 'security is glued on at the back end." "Too many companies develop a system and then ask, 'How do we protect it?'" Maestus said. As a result, network engineers institute strict, cumbersome policies that inadvertently encourage employees to work around them. He pointed to Google as a recent example of people's using that free email service to send information outside secure networks. Earlier this month, Google revealed that Chinese hackers fraudulently obtained passwords and then monitored the communication of several hundred people, including senior U.S. officials and journalists, who used the service. Even if people don't send sensitive information on a service such as Google or Yahoo, hackers combine that information into useful data, gaining access to secure systems by exploiting less secure elements of the process, Maestus said. Although breaches at major corporations make headlines, they are the exception rather than the rule, McClain said. "They are hit hard, daily, by amateurs and professional hackers trying to find a hole," she said. "Even people who don't know what they're doing may find a way in." Kelley said Boeing strove to stay one step ahead of hackers, and McClain and Maestus agreed that the strategies necessary to ensure online security presented a rapidly moving target. "There is constant evolution of attacks, and the people defending against them must get better as well. It's a big dance, where you're not touching," she said with a laugh. ___ To see more of the St. Louis Post-Dispatch, or to subscribe to the newspaper, go to http://www.stltoday.com. Copyright (c) 2011, St. Louis Post-Dispatch Distributed by McClatchy-Tribune Information Services. For more information about the content services offered by McClatchy-Tribune Information Services (MCT), visit www.mctinfoservices.com, e-mail [email protected], or call 866-280-5210 (outside the United States, call +1 312-222-4544) [ Back To TMCnet.com's Homepage ]