Mail House Rock!

Most articles I have read on security seem to concentrate on the sensational.  A hacker worms his way in from the outside and voila he has all your personal information, your credit card numbers, your social security number, etc.  Or, a virus opens up your system and starts transmitting all your secrets to some unknown location on the Internet. 

More recently I have seen articles that highlight the fact that you are more likely to loose data due to employee dishonesty than to an external attack.  And while that is likely to be the most devastating type of attack, it is still not the one I've seen the most often.

All of the above are important and you should take steps to ensure that your data is safe from them.  But the number one cause that I have seen for loss of data throughout the years is...   "The ye old snatch and grab. "   Some low life common ordinary criminal breaks into your office and steals the box.

The good news is, he is normally not after your data, he is after the box.  And he may not even have the technical skill to get to any of it, especially if it is properly secured.  The bad news is you can't be sure of that.  So all of the legally required steps that must be taken when data is lost have to be done.

So... What do you do about it?  Physical security of a computer is pretty much the same as physical security for a file cabinet or a cash box.  I like to think of it as three simple steps:

Deter - Detect - Harass

Deter:

Decent locks, business watch groups, alarm systems, security patrols, etc. all act as deterrents.  And, don't forget that most vital part of a security patrol or an alarm system is the stickers and notices that say that you have one.  They do 99% of the work,  so make sure you put them up. 

Visible external bells and light systems are also nice.  They let your potential intruder know you aren't going to take their intrusion lying down.

Also try and keep valuable items out of plain sight, and away from windows.  These items are the reverse of a deterrent, they tend to invite the thief to break in.

Detect:

This is primarily the job of your alarm system.  If the intruder goes undetected he can work at his leisure and you will loose far more of your valuables.  It's also vital for the next step.

Harass:

Annoy him.  Slow him down....  Have a nice loud ear splitting buzzer to keep him constantly reminded that the police are on their way.  Put locks on internal doors, lock your file cabinets, etc.

Cable or bolt your computers and external drives to the walls or desks; but do not cable the monitors, printers, scanners or other valuable peripherals.  Those are easy to replace, your data is not.  Give him something easy to grab and he will likely grab that and run.  Most thieves are not after your data, most wouldn't even know what to do with it.  They want something they can sell quickly and easily, they know they only have a few minutes to work.  So give them something easy and get them the heck out of there.

-----

Well... that's step one.  Have anything you do to Deter, Detect or Harass that I didn't mention?  Leave a comment and let me know.

While I was waiting for the previous post to come back from my proof reader.  I ran across a rather like minded post I thought it might be helpful to share.

Suzanne Obermire at RRW Consulting  posted a nice summary of an article by bmighty.com:  10 Database Security Tips For Smaller Businesses.  The article she references may be a bit steep for the non-technical crowd, but her summary of it is a good read.  You can find it here:  Ten Database Security Tips

Makes a good read while you wait for me to fill in this section with more content.

I generally run across two viewpoints when it comes to security, the totally oblivious to it and the totally freaked out about it.  Frankly neither of these groups have a good grasp on what it takes to maintain a reasonable level of security.

So... should you worry?  Well... I'm not sure that worrying will help, what you should be is well informed.  Then you can take the necessary steps to protect yourself and your customer against what can be a very devastating event for both of you.  And you can still sleep well at night!

The privacy laws that have been enacted at state and federal levels make some degree of security a necessity when dealing with any personal identifiable information.  When the data relates to finances or health the requirements are even higher.  In most cases if data is lost you will be required to contact the consumer who's data was lost and inform them of the loss.  This is a very large embarrassment to your client and can trash their reputation with their public, not to mention the potential damage it could cause to their consumers!  So it is something that is vital to avoid.

Even if you never touch the data files, the details of your clients marketing campaign can be very embarrassing if leaked, so security is still important.

In this section of my blog, I will be highlighting the steps you need to take to achieve a reasonable level of security.  I'll cover some of what the dangers are and what you should be doing about them.  I will be keeping it simple and designing my posts for those who are not overly computer literate.  So, if you have questions, comments or suggestions, please ask them or post them, I will be more than happy to help.