Data theft is the biggest threat; here are some tips.
Last month, one of our readers asked a very important question. He was the head of a small enterprise and was very concerned about data security: "All our employees have individual computers, connected with a local area network (LAN) access cable."
The company's financial data as well as that of his partner(s) was stored on the computer. The data was sensitive and confidential since it included manufacturing formulations.
"Some of the files are password-protected but at least one employee has the password. We are concerned that one or more employees may transfer files via email for illegitimate gain, especially when one is about to leave. We may not want to get involved in litigation for fear of its effect on the company image. What system can we use so that we know if any employee has indulged in illegitimate transfer of data, particularly if the data has been sent as an attached file from their personal email accounts?"
To begin with, there's no one solution. You need to devise a security framework or policy which gives your employees different degrees of freedom with their machines, all depending on their seniority and the trust you have in them.
The framework, at a very basic level, will include a professional firewall like ZoneAlarm (not the free version). That, along with anti-virus software from Symantec, Trend Micro, etc., can take care of viruses, spyware and spam (a solution from IronPort is good for this). As for data security, password protection alone will not help. You may consider disabling floppy (if your machines are antique) and CD drives so that only select employees can copy files off the computer.
You should also take care that the USB drives are secured (since anyone can plug in a pen drive and steal the data). You need to have a proxy on your internet connection which blocks access to certain sites that allow people to store files online. Besides, given Bluetooth and Wi-Fi-enabled desktops, you may consider a policy of having these switched off for employees who do not need such facilities. This will help in preventing wireless theft of data.
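
One way to review proxy logs for uploads to the kind of sites such a proxy policy covers, as an added example that is not part of the original column. The log format, hostnames, user names and size threshold are all assumptions made up for illustration; adapt them to whatever your proxy actually records.

```python
from collections import defaultdict

# Assumptions (hypothetical): watched site suffixes and the alert threshold.
WATCHED_SUFFIXES = ("webmail.example", "filestore.example")
UPLOAD_METHODS = {"POST", "PUT"}
THRESHOLD_BYTES = 5 * 1024 * 1024  # flag 5 MiB or more per user and site

# Constructed sample log: "<epoch> <user> <method> <host> <request_bytes>"
SAMPLE_LOG = """\
1700000000 asha GET www.supplier.example 420
1700000060 ravi POST mail.webmail.example 7340032
1700000120 ravi POST mail.webmail.example 812
1700000180 meena PUT api.filestore.example 3145728
1700000240 meena PUT api.filestore.example 3145728
1700000300 asha POST intranet.corp.example 9437184
this line is malformed
"""

def is_watched(host):
    # Match the suffix on a label boundary so "notwebmail.example" is not caught.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def parse_line(line):
    # Return (user, method, host, size), or None for lines that do not parse.
    parts = line.split()
    if len(parts) != 5 or not (parts[0].isdigit() and parts[4].isdigit()):
        return None
    _, user, method, host, size = parts
    return user, method.upper(), host, int(size)

def flag_uploads(log_text, threshold=THRESHOLD_BYTES):
    # Sum upload bytes per (user, host) so files split into chunks still add up.
    totals, skipped = defaultdict(int), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of silently dropping
            continue
        user, method, host, size = rec
        if method in UPLOAD_METHODS and is_watched(host):
            totals[(user, host)] += size
    return {k: v for k, v in totals.items() if v >= threshold}, skipped

if __name__ == "__main__":
    flagged, skipped = flag_uploads(SAMPLE_LOG)
    for (user, host), size in sorted(flagged.items()):
        print(f"{user} uploaded {size} bytes to {host}")
    print(f"{skipped} unparseable line(s)")
```

The per-user totals are a starting point for a manual review, not proof of wrongdoing; a large upload to a watched site can have a legitimate business reason.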
Of course, another solution would be to get rid of standalone PCs and use Thin Clients as explained in the previous column. In this scenario, you can store the data on the LAN while each client PC (user) accesses data from the LAN with hierarchical rights (the framework I referred to earlier, meaning a clerk may access specific data while a management executive can access more data and so on) and use a solution from vendors like Pointsec.
For advanced users and businesses that need additional protection, an integrated security plan is a must. Key security technologies that can be integrated include firewalls, intrusion detection, intrusion prevention, content filtering, VPNs, wireless LAN (wherever applicable) security and virus protection.
A Virtual Private Network (VPN) is a network (useful when you want to share data with your business partners or branches) that uses a shared public infrastructure as a channel for private data communications. It is used to link remote sites (Site to Site) and remote users (your field executives, for instance) to the enterprise data services they need.
Individually, these security technologies can be cumbersome to install, as well as difficult and expensive to manage and update. Finally, each small business is different. While some of you may have the expertise in-house, others may wish to use security consultants to design the appropriate solution, build and operate it (managed services). It's a call you need to make.
Sample checklist:
Anti-virus software
Firewalls
Secure VPN: VPN Tunnels, IPSec, SSL and Encryption
Lock floppy, CD and USB drives
Integration with existing technologies
Monitoring, auditing and logging