Needless to say I’ve been tuning (back) into the security/encryption/privacy of late, so I’ve been making sure I keep up on news and blogs (suggestions welcome) on these topics. So I just read this vendor-written (still pretty good) piece from PC World:
Government and intelligence officials around the globe have been caught off guard and in many cases embarrassed and compromised by disclosures of documents on the Web site WikiLeaks. For security and IT professionals, these leaks serve as an important wake-up call to improve policies, procedures and safeguards. Here are five key tips to help your government agency or enterprise avoid being the source of the next Wikileak.
link: 5 Ways to Make Sure You Aren’t the Next Wikileak – PCWorld
The five ways are:
- Security Policies and Procedures.
- Implement Host-Based Security Solutions
- Data Loss Prevention (DLP)
- Traffic Profiling Tools.
- Log Management & Correlation
Yep, all of those are great places to start, expect they miss one really, really important one:
If the information just isn’t able to be shared because it’s encrypted, then well … you know that’s a pretty darn good thing. So why wasn’t email encryption on the list?
Oh, right, it’s too freakin’ hard to use and can be really expensive to implement.
Well, until now.