These solutions are costly and require applying stringent IT regulations that are constantly tested through penetration tests to assess their level of security. But what about the human factor??? What about the employees??? What vulnerabilities are there when employees travel?? in conferences? at the bar of the hotel?? on a plane? when they meet someone at Happy Hour after coming back from a long day of work??
These questions need to be addressed and organizations must invest the human resources for protecting their sensitive data from involuntary acts by their employees that may jeopardize the organization. This awareness must be created through effective compartmentalization and setting up clear and applicable procedures for social and professional scenarios that could be smartly used by opponents. These procedures must include solutions and ways to prevent falling trap to a social engineering scenario where an employee could be manipulated to become an easy prey of information gathering.
The professional and social climate while traveling, at the bar of the hotel, in a convention, while having a drink, in a conversation is increasingly becoming a serious risk and can overcome the IT apparatus by directly hitting the human factor.
Therefore, organizations need to prioritize this aspect of security ASAP in order to prepare for a new trend of attacks that easily overcomes IT fortress security systems and takes advantage of the human being.
Define your security objectives and find the right balance between protecting your network and establishing the right awareness to your employees so that you are both secure in the organization and outside as well.