pK Categories

pK Archives

Simple Office Security Tips: Data And Network Security

As a business owner, risks are a given. Operational risks. Management risks. Privacy risks. All of these risks are intensified when you leave the office, says Victoria Fodale, Program Manager/Analyst, for Scottsdale, Ariz.-based research firm In-Stat. “The small business owner is mobile a lot of the time. They probably carry a PDA or a smart phone or a notebook that contains business-critical information,” she explains. “But being mobile can become a liability if this information is lost or stolen.” You can minimize your risks, however, by following a few simple tips, detailed below.

Backups are key. Hopefully, you’re already backing up the data on your servers and desktop computers, but chances are you may be forgetting to do the same for your mobile devices. “If your notebook or PDA gets lost, you want to make sure you have that data replicated somewhere,” says In-Stat’s Fodale. That said, make sure you’re backing up your notebook and other mobile devices regularly—at least once a day, she says.

Don’t forget encryption. Of course, if your mobile device does go missing, you want to make sure the information on it stays on it—away from prying eyes. That’s why even simple file-level encryption is important. “Anything that contains customer records, Social Security numbers—anything that’s affected by regulatory factors must be encrypted,” says Fodale.

Encryption is also important when transmitting data or emails from the road. A simple method: use a virtual private network (VPN) when connecting to your company’s network. You can install a firewall or router that enables VPNs or use a hosted service from your ISP or another managed services company. This is especially important when using a public hotspot at an airport, coffee shop, or even a library. Without a VPN your data is viewable—and hackable—by anyone on that connection who has a little tech knowledge.

Turn it off. If you’re not actively using a wireless connection, make sure you disable your wireless card so even if someone tries to hack into your system they simply won’t be able to. And everyone should have a personal firewall running on their notebook regardless of how they connect to the Internet or to their company’s network.

Teach employees about risks. It’s not enough for a president or CEO to understand and mitigate risks. His or her employees should be right on board, says Cass Brewer, editorial and research director for the IT Compliance Institute. “There should be some formal structure, some training program so people understand policies and procedures,” she explains. “It’s not enough to have people understand what you’re saying, they need to understand the objectives behind the security policies. This is what’s going to create a culture of compliance.”

Print instead of copy. Copy centers are popular, and for good reason. Excellent service and low cost make these facilities a no-brainer when you have large or cumbersome printing needs. However, remember this: high-end copiers are usually networked and almost always have a hard drive. This means that your paperwork may leave a virtual paper trail behind even after you’ve picked up your originals. You don’t have to eschew copy centers completely, says Fodale, but if you’re printing sensitive or confidential data, you may want to stick with your office printer instead.

“The risk may be pretty low, but when you know that a networked copier is essentially a low-level server do you really want to take that risk?”

Be portable—but not too portable. It can be very easy to download a file to a portable storage device such as a USB key, but it’s also very easy to misplace such a tiny form factor. As a precaution, avoid downloading anything sensitive to portable storage devices, and make sure employees know that this practice is off-limits, says Fodale. Don’t trust your employees to comply with your wishes? There is a fix, she says.

“You can set limits so some files can only be worked on or accessed via the network,” says Fodale. “You can also keep track of who is copying what by using discovery applications that can identify when someone is copying something sensitive from the network to a client and notify you when it’s happening. Business owners need to be pragmatic and have policies in place so confidential information is protected.”

A Dell Computers Article

Leave a Reply