Enterprises often make a common mistake when building information leakage protection: IT managers simply implement their superiors’ control strategy while disregarding the majority of users. Yet, as everyone knows, those users are the most important part of information leakage protection.
Many enterprise IT managers complain, while building information leakage protection, that other departments do not work with them. In an age when information disclosure incidents happen frequently, it is understandable that an enterprise takes some anti-phishing measures to protect its information assets.
However, the problem is that many companies do not spend enough time and effort to understand their own needs and the changes in working conditions that protection causes, and they seldom provide reasonable measures to reduce the impact. If a company anxiously deploys a strategy and adopts coercive measures that inconvenience routine work, users will not offer understanding or support, and the protection strategy will neither take hold nor be effective.
It is not that building information leakage protection is hard in itself; rather, companies’ attitudes toward information leakage protection obstruct its effect. I believe that security requires all members to participate, and only then can information leakage protection achieve good results. If IT management staff and the staff to whom the strategy is applied end up in opposition, information leakage protection becomes a battle of internal friction.
How can security be ensured without affecting efficiency? Facing a severe information security situation, companies should recognize that information leakage protection is a protracted war. It requires establishing a comprehensive anti-phishing front inside the enterprise, and in particular it needs the main body, namely the non-IT departments, to take part. Enterprises must start from real working processes, fully take user experience into account to provide attentive “service”, and find a balance between security and convenience, so as to win everyone’s understanding and cooperation. Only in this way can information leakage protection be sustained effectively.
First, when establishing the information protection team, enterprises should do their best to ensure that everyone in the company takes part in information leakage protection, so that all departments’ needs can be effectively conveyed.
Second, when deploying information leakage protection, enterprises must apply different security levels to different departments. For example, deploy basic audit and control to departments with a low classification level; for core departments, in addition to detailed audit and control, enterprises may consider file encryption to protect the company’s secrets in depth.
Third, every department should designate an authority management staff member to be in charge of the department’s information security. If possible, the enterprise can provide a direct feedback channel from ordinary users to executives, in order to prevent abuse by the authority management staff.
Of course, such a united front for information leakage protection cannot be established in a short time, nor can it be achieved by enterprises alone; it also requires the assistance of security vendors and the relevant national departments. Nevertheless, the enterprise is the leader of this effort: information leakage protection can be effective only when the enterprise has a deep understanding of its own security needs and takes active defense and flexible adjustment in this effort.