The computer people you can believe in
|
The computer people you can believe in
|
|
|
Protecting your informationWhen most people think of computer security, passwords and ‘big-brother’ spring to mind . In reality it is not the computers that need most protection (a locked door normally does this) but the information that is contained on them. Before embarking on a major spending spree on the latest state of the art encryption systems and firewalls, consider where the possible threats might come from. Recent estimates suggest that almost eighty percent of the threats to company computer systems come from within. With this in mind, you should establish if your IT spend on security is split this way, and if you can tighten things up to reduce the threats. Lets look at some ‘low-tech’ methods interested parties can get at your important information; The waste paper bin - (the one under your desk not on the computer). Waste bins are always the easiest to ‘hack’ into. Security is normally fairly basic and those who want to can just reach in and help themselves. Consider having special bins for paper that will be shredded before recycling. The printer - confidential information sent to the wrong printer might just as well be put up on the notice-board. Ensure users are familiar with the printer layout on your systems, and restrict the use for confidential information. Remember it is not uncommon for large organisations to be able to access printers anywhere within the company, not just at one location or site. The overheard conversation - we all want to let others know when we are doing well, but with multi-million pound contracts in the offing the wrong bit of information at the right time can spell a lost agreement . Remember that not all those who may be in earshot in public places will be on the same side, (think of mobile phone use on trains). The contractor - with large construction sites employing many different trades and organisations, not all computers will be used by internal staff. If your site needs to allow computer access for such people, consider a separate system, or computers with very limited access. Whilst the majority of contractors are honest, they may not have signed any confidentiality agreements that prohibit them from using or acting on information on your contract. The file or e-mail - do you really need to print the file or e-mail. Unattended desks can be a lucrative way of obtaining detailed information. These are just some of the more basic ways we can help prevent information from getting into the wrong hands. Here is some more that wont cost the earth: Have a clear and concise way of storing information on your computer systems. This can be as easy as making folders or directories at a ‘top-level’ that mimics the company structure. Simply calling the folder ‘data’ or ‘docs’ is insufficient. It also helps to use plain English for the folder names, such as putting the word ‘department’ afterwards (e.g. Sales Department, Purchasing Department etc). Restrict access to these departmental folders to only those staff who are actually in them. This can be easily achieved by creating ‘groups’ of users who have access to areas rather than annotating individual users. Passwords (yes you knew it had to be mentioned). For some reason most business users seem to be either embarrassed or just plain uninterested about password security on their computer systems. This means that they are either known to others, or are simple to guess (worse still, they are written down somewhere nearby). Try using the phrase ‘PIN number’ and not passwords for these people. Let everyone know that they are responsible for the actions that are done whilst the computer is logged in under their username, and letting others use or get to passwords is a disciplinary offence. Make sure users log-off, or lock their computer systems when they are leaving the work area for more than a few minutes. Securing your computer should be mandatory when away at lunch or on a break. Have a company computer policy that covers the basic security features you would like to see observed. Make sure you include references to what is expected of all staff in relation to specific occurrences such as passwords, non-authorised access and use of the company e-mail and Internet. Consider whether the floppy drives on PC’s actually need to be accessible. Make sure that no data is stored on PC hard drives if it should be on central servers Users of portable or laptop computers should be aware not to store sensitive or confidential information on them. If there is no alternative, make sure that the files are password protected or encrypted. |
|
|
