Results 1 to 4 of 4

Thread: Information Security

  1. #1
    Senior Member
    Join Date
    May 2001
    Los Angeles, CA


    Someone in another thread said that their largest asset in their company was their customer list stored in their computer and further they felt leary about using a web based program and basically having this asset on someone else's server.

    That brought up something in my head.

    What are you all doing to keep you customer list safe and out of the wrong hands. We have talked about backing up your data and that will keep it safe to some extent but what measures do you have in place to make sure it is only you that sees it?

    If you use remote desktop, PCAnywhere,, or any of the other ways to access your server over the internet what measures are in place to make sure you are the only one accessing your server and files.

    Some things I thought about:
    limiting file downloading over these services or completely stopping file sharing through the router or operating system.

    What about an employee emailing your customer list to your competition? Anything in place to stop that?

    What about an ex employee selling his userid and password to your competition so they can log into your system and do what they want?

    Our customer file is about 40 MB do you have storage devises on your employees computers where they could transfer that to a medium and take it with them?

    Is your computer and data under a physical lock and key?

    What is your companies information security policy and plan?
    Steve Walker

  2. #2


    Steve Walker don't take any wooden nickels !!
    Dean Schuler

  3. #3
    Senior Member Salicete's Avatar
    Join Date
    Jan 2007
    Olney, Maryland - USA


    Simply using some common sense can greatly increase the security of your data.

    One of the simplest methods is routine password audits, and mandated password changes. This could limit the timeframe for unauthorized users to access and steal information from your system, and of course, anyone who is fired or quits should have their access blocked, even before they go out the door.

    Storing critical data on remote servers is just a bad idea. You not only have to wory about bad apples in your shop, but also the folks who maintain the servers, be they physical or virtual, that you are accessing remotely. If you must access remotely, set up a VPN. Yes, you will be exchanging data over someone else's hardware, but your data can be warehoused on your hardware.

    Make it clear to all employees that they have NO expectation of privacy on your network. It is your property, and you can and should randomly monitor email traffic and computer contents. Have blind copies of all emails sent over your network sent to you, ao a mailbox that you specify, and then read them from time to time. People shouldn't be discussing personal business on you time and, again, they have no expectation of privacy on YOUR network.

    Set administrative controls so that no programs can be added or removed without your approval, and use a good firewall. (Sonic Firewall is a reasonably priced and effective one. You can use corporate defaults, or lock out virtually any site or function that you want.)

    There are any number of encryption programs, whose keys can be changed just like passwords, that are available for your data. They make it very difficult for a person who has stolen the data, and who does not have the correct algorithm to make any use of it.

    Likewise there are a number of "Spysystems" than a administrator can install. One can monitor computer activity real-time, see keystrokes, files and sent-received data, as well as installing trip wires on protected files.

    System Administrators have the capability to restrict access to physical drives on any computer, and you can restrict backup to devices under your control, instead of to disks and flash drives etc.

    The bigger the company, the more expensive and complicated the data security process gets, and you should always know, but never really trust your employees. Don't be afraid to monitor their electronic activity. You may find something as mundane as downloaded porn, or as critical as all of your financial data is in play.

  4. #4
    Senior Member Limo Padawan
    Join Date
    Feb 2000


    Something for everyine to keep in mind.

    ALL major software applications will eventually be web based.

    Microsoft's vision is to have EVERYTHING web based. They are already offering their newest office software in a web based form for a monthly subscription.

    I know change is a hated word but this is where we are headed.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts