Many facets to computer security

Imagine for a moment: Your company has lost all of its files.

Your competitor has access to your customer database.

Your accounts receivable are scrambled beyond comprehension.

These scenarios sound unlikely, but they're by no means impossible.

Thanks to last year's round of computer viruses, most organizations understand the critical importance of protecting their information systems with up-to-date anti-virus software.

But that's only one part of information security.

Other serious threats include natural disasters, accidental data loss, employee theft and/or negligence.

How can we best recognize the threats and minimize the exposure? Here are some guidelines in three broad categories: People Establish a corporate culture that protects your information.

It's not commonly known, but most information loss and theft comes from internal sources, not external hackers.

Screen candidates' background and ethics carefully when they first apply.

Have new hires sign a privacy, non-disclosure and/or acceptable use agreement, so everyone knows what's expected of them.

Design an acceptable use policy.

This policy signals to employees that company equipment is for company use only no personal e-mail,Web surfing, file-sharing, etc.

This also makes it easier to detect when employees disseminate information in an unauthorized manner.

Align your employees' interests with the company's interests.

Employees need to understand that their interests are best served by safeguarding company information.

They may not fully realize how theft or loss of information can hurt the business, and therefore hurt themselves.

(Besides, fellow employees are the best means of monitoring usage of company information.) Procedures Destroy old information.

Each company has different requirements for maintaining old files.

Determine your requirements and employ a policy of destroying old digital information on a scheduled basis.

Organize your information.

Whether paper or electronic, your information needs to be organized.

This reinforces the importance of your information, elevates the level of respect people will have for it, and makes it easier to detect if something is missing or awry.

Store data in a central location.

As more employees work off-site, it's necessary to have all users store their data in a central location.

This eases workflow and ensures that data is backed up.

Employ a good password policy that requires periodic changes.

This policy limits the exposure of an ex-employee accessing your systems with an old password.

(Often the password used is not theirs, but one of their ex-coworkers.)

Audit your information systems annually.

Using antiquated technology makes it difficult or even impossible to recover from a disaster.

Many firms have specialized databases and applications developed by small vendors; if these vendors go out of business, you can be left with no support to assist in recovering or restoring precious data.

Also, failures in old hardware are more problematic to repair or replace.

Backup regularly and store backups off-site.

In case of fire or theft, you don't want your backup lost with your original.

Consider scheduling a regular pickup with a courier service.

This ensures that the backup goes offsite and returns regularly, and that backup media is stores in a secure and appropriate environment (not in the glove compartment of your car).

Create a disaster recovery plan and test it.

Having data backed up won't do you any good if you can't utilize it.

Make sure data is backed up properly by periodically restoring data from the backup.

Systems/Technology Minimize the number of connections to the Internet.

If you have multiple branch locations, have each branch connect to a central location with private lease lines, then route all Internet traffic through the central location.

This provides easy monitoring and management of data traffic in and out of the company.

Encrypt data, particularly on laptops.

A password on a laptop can be deleted or reset by hackers in a matter of minutes, laying bare all your data.

Because the operating system password can easily be changed, a third-party encryption software should be used.

When retiring computer equipment, "zero write" the hard drives.

Just deleting files actually leaves much of your information intact.

An industrious hacker can recover much of what you thought you erased.

Instead, use a program that deletes every bit of information on the drive.

Install virus protection and keep it current.

Run a periodic scan of your complete system.

Many viruses randomly select files from your system and e-mail them other addresses all with no indication to the user.

Secure your wireless networks.

Most companies make sure that only authorized computers can connect to their network, but don't realize it's possible for their computers to inadvertently connect to a neighboring network, and thereby provide a conduit for others to access their information.

Secure both your wireless access points and your computer connecting to the network.

If you're going to use information, there will always be security exposure.

But taking these measures can greatly reduce the risk of theft or disaster and protect the value of your information.

Tim Erlach (tim@erlach.com) is the owner of Erlach Computer Consulting, an IT consulting firm specializing in network service, website design, application development, technology consulting, and corporate training.