As a business owner, risks are a given. Operational risks. Management risks. Privacy risks. All of these risks are intensified when you leave the office, says Victoria Fodale, Program Manager/Analyst, for Scottsdale, Ariz.-based research firm In-Stat. â€œThe small business owner is mobile a lot of the time. They probably carry a PDA or a smart phone or a notebook that contains business-critical information,â€ she explains. â€œBut being mobile can become a liability if this information is lost or stolen.â€ You can minimize your risks, however, by following a few simple tips, detailed below.
Backups are key. Hopefully, youâ€™re already backing up the data on your servers and desktop computers, but chances are you may be forgetting to do the same for your mobile devices. â€œIf your notebook or PDA gets lost, you want to make sure you have that data replicated somewhere,â€ says In-Statâ€™s Fodale. That said, make sure youâ€™re backing up your notebook and other mobile devices regularlyâ€”at least once a day, she says.
Donâ€™t forget encryption. Of course, if your mobile device does go missing, you want to make sure the information on it stays on itâ€”away from prying eyes. Thatâ€™s why even simple file-level encryption is important. â€œAnything that contains customer records, Social Security numbersâ€”anything thatâ€™s affected by regulatory factors must be encrypted,â€ says Fodale.
Encryption is also important when transmitting data or emails from the road. A simple method: use a virtual private network (VPN) when connecting to your companyâ€™s network. You can install a firewall or router that enables VPNs or use a hosted service from your ISP or another managed services company. This is especially important when using a public hotspot at an airport, coffee shop, or even a library. Without a VPN your data is viewableâ€”and hackableâ€”by anyone on that connection who has a little tech knowledge.
Turn it off. If youâ€™re not actively using a wireless connection, make sure you disable your wireless card so even if someone tries to hack into your system they simply wonâ€™t be able to. And everyone should have a personal firewall running on their notebook regardless of how they connect to the Internet or to their companyâ€™s network.
Teach employees about risks. Itâ€™s not enough for a president or CEO to understand and mitigate risks. His or her employees should be right on board, says Cass Brewer, editorial and research director for the IT Compliance Institute. â€œThere should be some formal structure, some training program so people understand policies and procedures,â€ she explains. â€œItâ€™s not enough to have people understand what youâ€™re saying, they need to understand the objectives behind the security policies. This is whatâ€™s going to create a culture of compliance.â€
Print instead of copy. Copy centers are popular, and for good reason. Excellent service and low cost make these facilities a no-brainer when you have large or cumbersome printing needs. However, remember this: high-end copiers are usually networked and almost always have a hard drive. This means that your paperwork may leave a virtual paper trail behind even after youâ€™ve picked up your originals. You donâ€™t have to eschew copy centers completely, says Fodale, but if youâ€™re printing sensitive or confidential data, you may want to stick with your office printer instead.
â€œThe risk may be pretty low, but when you know that a networked copier is essentially a low-level server do you really want to take that risk?â€
Be portableâ€”but not too portable. It can be very easy to download a file to a portable storage device such as a USB key, but itâ€™s also very easy to misplace such a tiny form factor. As a precaution, avoid downloading anything sensitive to portable storage devices, and make sure employees know that this practice is off-limits, says Fodale. Donâ€™t trust your employees to comply with your wishes? There is a fix, she says.
â€œYou can set limits so some files can only be worked on or accessed via the network,â€ says Fodale. â€œYou can also keep track of who is copying what by using discovery applications that can identify when someone is copying something sensitive from the network to a client and notify you when itâ€™s happening. Business owners need to be pragmatic and have policies in place so confidential information is protected.â€
A Dell Computers Article