Press Release

For Immediate Release

Contact:
Michael Parker
Lois Paul & Partners (for Ecora)
(781) 782-5714
Ecora@lpp.com

Combating The Unauthorized User: Ecora Outlines Four Key Steps Every Company Should Take to Protect its Critical Data

Learn How to Ensure Your Company Doesn't Fall Victim

Portsmouth, N.H. – March 18, 2008 – Ecora Software, the market-proven leader for configuration audit and compliance reporting, today outlined a series of safeguards that companies should consider implementing in order to be protected from harm caused by unauthorized access to critical data. The measures are based on the areas of highest IT vulnerability for companies and the most common missteps companies make when configuring and maintaining access control over their

The issues of data loss and inappropriate use of confidential data has been thrust into the spotlight due to a number of high profile incidents over the past year including Hannaford Bros. supermarket chain and Société Générale - where the activities of an employee, Jerome Kerviel, led to the company having to write off more than $7 billion in fraudulent trades. In late February, it was discovered that a rogue trader at MF Global Ltd. rang up $141.5 million in losses on the broker's account. While these are the high profile cases that create the headlines, companies lose countless millions each year through both malicious and accidental behavior caused by inappropriate access points to data. According to the Identity Theft Resource Center (ITRC), there were 446 data breaches reported totaling more than 127,000,000 compromised records.

To assist companies identify and shore up the areas of greatest vulnerability, Ecora has outlined the following steps that every company can follow towards stricter access control to data:

  • Synchronize: approved credentials and access rights between human resources and IT rarely match. As employees move within an organization access privileges can follow them and quickly mount. Ensuring that employees only have access to the information appropriate for their position is an essential first step in avoiding the manipulation and loss of data. For example, an employee moving from an IT role to a sales position could potentially bring with them the access rights to log in and manipulate sales data bases crediting themselves with commissions they didn't earn.
  • Passwords: companies seem to have forgotten that passwords exist for a reason, security. In many organizations passwords have become yet another issue of inconvenience for employees. To combat this some organizations have adopted a relaxed approach to passwords in many cases sharing login information for whole departments or not requiring the changing of or implementation of complex passwords. This creates a fundamental breakdown in security practices as shared or easy to crack passwords can be quickly spread throughout an organization allowing unauthorized personnel to access critical data files.
  • Pattern Behavior: while it's not possible to view every data transaction in a large corporate environment, Ecora does encourage companies to be cognizant of behavior. For example, if a staffer is suddenly downloading files at an aggressive rate or outside traditional business hours, this should be a red flag that further investigation is needed into the transactions.
  • Go Beyond the Audit: due to regulations such as Sarbanes-Oxley, companies each year gear up for audits to ensure that all mandates are being met. Ecora suggests that companies strive for a constant state of data access control and not wait for audit season to ensure that they are meeting the appropriate governance standards. It is also important to remember that because a company passes an audit, doesn't mean they are risk free. Compliance and security are not always defined the same.

"In today's business environment where a companies information has gained such high value in terms of corporate reputation, monetary considerations and potential liability, companies need to be proactive in terms of establishing best practices that can help guard against intrusion by unauthorized users," said Mike Sullivan, president, Ecora. "While security is a process with many levels that must be adhered to in order to work effectively, I have found in discussions with customers that it is often the simple, common sense issues that tend to become problematic for companies looking to safeguard critical data."

By implementing this series of checks and balances companies can ensure that they are not leaving themselves open to loss or attack. Shoring up areas of weakness in terms of access control can serve as a companies' first and last best line of defense in keeping information confidential to only properly credentialed employees.

About Ecora Software

Ecora Software is the market-proven leader for Configuration Auditing and Compliance Reporting solutions that allow a proactive view of the IT infrastructure and deliver actionable evidence ensuring critical business services remain operationally effective, secure, and compliant with internal standards and external regulations. Auditor Professional™ offers immediate value with its agentless architecture matched with rich report templates and pre-defined policies providing the foundation for effective change and configuration management. Please visit us at www.ecora.com