Information technology professionals grimace when you ask about security. For them, the problem is not hackers and malicious code from outside, it's the idiot users they have to let into the network every work day. Ask one: What's the most commonly selected password? Yep, it's "password."
This is serious stuff. Once inside your network, bad guys get access to all kinds of goodies, including personal identity data of your workforce, financial systems and potential valuable trade secrets. Unless you are ready to go back to paper and pencil and a steel safe, it's time to consider beefing up your security system.
The best contacts and resources to help you get it done
Lock down your workstations with serious tech
The state of the art right now is two-factor authentication. Put simply, you need a password and a device, usually a smartcard or password generator, to get access to the corporate network. Using your ATM card and a PIN, for instance, is a kind of simple two-factor authentication.
I recommend: The next step up for networks is a security token, a keychain device that quickly generates passwords which must be used within a few seconds to work. Manufacturers of security tokens include
Aladdin,
Entrust,
Actividentity, and
RSA Security.
Review your mobile data on laptops and handheld devices
Everyone knows the story of the hapless government employee who left the laptop with millions of veterans' profiles on its hard drive in a taxicab. (It was recovered.) What most don't realize is that their key secrets are just as exposed.
I recommend: Control who has access to what on your employees' take-home computers and devices lockable memory from
Safeboot and
Utimaco.
Short on budget? Consider a folder or file lock device
A network-wide system is best, but small companies with limited funds should consider locking each machine individually or perhaps just key files or folders.
I recommend: Software to automate protection of key files is available from
Deslock,
Information Security Corporation, and
PGP, now a big company but the original consumer encryption maker, once known as Pretty Good Privacy.
Lock the entry and exit points for total security
One of the bigger problems, until recently overlooked, isn't baddies trying to get in but the so-called "trusted path," a.k.a your own employees, who think nothing plugging keychain memory drives, digital music devices and other memory disks into their work computers as if they were at home.
I recommend: Besides viruses and such coming in, there's always a risk of important, even sensitive data walking out the front door on that iPod. A growing industry of endpoint security offerings includes
eEye,
Safend and
Layton Technology.
Related Resources from Business.com
Comments
Is any content on this page inappropriate? To let us know, please 
