Keep data safe on the road: 12 tips
How safe is the data on your employees' laptops and mobile devices when they're out of the office?
If you answered "not very," you're probably right.
An astounding 81 percent of companies polled by the Ponemon Institute in 2007 reported the loss of one or more laptop computers containing sensitive information during the previous year.
"Concern over information loss has increased," says Robert Siciliano, chief executive of IDTheftSecurity.com and author of "The Safety Minute: Living on High Alert" (Safety Zone Pr, 2003). "But not enough to stop it."
Why not? Many small businesses believe a security breach won't happen to them or to their employees. The excuses range from, "Who would be interested in our data, anyway?" to, "It wouldn't affect the company."
But those are just excuses, say experts. The reality is that every time you or your employees leave the office, they're putting your company's important data at risk. Unless you take precautions now, you could end up compromising that information and possibly damaging your company.
Here are 12 tips for keeping your company's data safe while you're away:
1. Encrypt it.
It's one of the most overlooked, and most easily fixable, precautions that a small business can take, according to Gary Kessler, an associate professor at Champlain College in Burlington, Vt., and an expert on information security. "It doesn't have to be the most sophisticated crypto in the whole wide world, since most thefts of computers on the road are crimes of opportunity and are not targeted towards the individual," he adds. "Simple use of the Encrypting File System (EFS) or Pretty Good Privacy (PGP) is probably more than ample."
2. Back it up.
When data goes missing, it is often the only copy. Not only has the information potentially fallen into the wrong hands, but it's probably also lost forever. That's why Paul Winkeler, owner of Cleveland-based PBnJ Solutions, suggests taking precautions before hitting the road. "Make sure to back up all important files onto the company servers before leaving town," he says. "If those servers are in turn backed up to an e-vaulting provider, it may be possible to restore your files directly from the provider to your hastily-purchased replacement."
3. Travel smart with your technology.
A few simple precautions can prevent data loss, according to Steven Berwick, a principal with the accounting firm Kaufman Rossin & Co. in Miami. "Never leave your laptop unattended," he says. "Don't leave it in the car, in the conference room, or in the workspace you're using at a client's office unless it is locked." He also warns employees against setting a laptop on the floor in a crowded place, like an airport or train station. And never check in a laptop as luggage. (There are two reasons: First, your computer could get damaged; and second, most airlines don't cover damages to electronics in their contract of carriage, which is the legal agreement between you and the carrier.)
4. Don't work from an unsecured computer.
Many hotels and conference centers offer courtesy PCs to guests so they can access e-mail while they're away. Bad idea, says Kenneth Goldberg, chief executive of MCG Internet Services, a New York-based information security application provider. Many of these public computers are infected with spyware that monitors and records your keystrokes. "The single most important tip for securing road warrior information is to minimize work done on a local computer," he says. The solution? Connect directly to a remote server for document and data management, preferably from your own PC or PDA. "It is important to not be lulled into a false sense of security," warns Goldberg.
5. Use a password.
Believe it or not, many mobile devices lack even the most basic password protection. "Passwords are among the simplest and most reliable forms of data protection available," says David Milman, chief executive of Rescuecom, a computer service and repair franchise. There are four basic password rules he recommends small businesses follow. First, make sure your password is at least eight characters. Second, include at least one number, one capital letter and one special character, such as "#" (but don't use numbers instead of letters, such as m0us3, since password crackers check for these). Third, never use a word that can be found in a dictionary, which guards against a "dictionary attack." And finally, resist the urge to use personal information such as your birthday, because this information can be found out.
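The four rules above can be checked automatically when a password is set. The following is an added example, not part of the original article; the function name, the tiny wordlist and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
DICTIONARY = {"mouse", "password", "dragon", "laptop", "welcome"}

# Number/symbol-for-letter swaps (as in "m0us3") that cracking tools also try.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, personal_info=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    # Rule 1: at least eight characters.
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Rule 2: one number, one capital letter, one special character.
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Rule 3: no dictionary word, even with the swaps undone.
    lowered = password.lower()
    unswapped = lowered.translate(SWAPS)
    if any(word in lowered or word in unswapped for word in DICTIONARY):
        problems.append("based on a dictionary word")
    # Rule 4: no personal information (names, birthday digits, ...).
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("m0us3", "P@ssw0rd!", "qV7#rLx2pZ"):
        print(candidate, "->", check_password(candidate) or "ok")
    print("Xq#Jane1984", "->", check_password("Xq#Jane1984", ["Jane"]))
```
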
6. Get on a stick.
Here's another recommendation from experts: Instead of carrying your company's sensitive data on a PC or PDA, keep it on a memory stick or portable hard drive. "That way, it doesn't matter if your laptop is stolen or damaged, your data will be fine as long as you have the USB memory device," says David Kelly, president of Upside Research, a Boston-based technology and consumer research company. As a bonus, many of these devices allow you to encrypt the information on them, so even if they are lost, the data is useless to whoever finds them.
7. Get a security policy and stick to it.
Having an ironclad policy about how to treat company laptops will take you a long way in keeping your data safe, according to the pros. Such a policy should be comprehensive, says Dor Skuler, general manager for mobile security at telecommunications provider Alcatel-Lucent. It should address what to do with a laptop "anytime and anywhere, regardless if the laptop is on, off or even online," he says. Likewise, such a policy should extend to your business network. "A server that is deployed on the enterprise premise should terminate secure tunnels and manage user credentials, patch management and security policies," he advises.
8. Inoculate your laptops before releasing them into the wild.
There's a lot of bad stuff out there. Make sure your employees' mobile computing devices are protected, says Skip Taylor, vice president of product marketing at Fiberlink Communication, a networking company based in San Jose, Calif. "Be sure your laptop is equipped with the right blend of IT security: anti-spam, anti-spyware, a Virtual Private Network and a personal firewall," he adds. "Because hackers use a variety of tactics to defeat security."
9. Educate your employees.
If your people don't know what's out there, how can they take the necessary precautions? That's the assessment of Gareth Maclachlan, chief operating officer of AdaptiveMobile, a Dublin, Ireland, mobile security firm. "Mobile users should be aware of every site they visit and every communication they open on their mobile devices," he says. "Unsolicited communications, no matter how inviting, can contain threats to the mobile device. People should only open communications from known sources and limit mobile Internet browsing to trusted sites."
10. Don't be stupid.
"People display highly sensitive data, like company secrets and even information that could facilitate identity thefts, on their laptops," says Alan Brill, a senior managing director for Kroll Ontrack, a security firm. "They don't bother to install an inexpensive polarizing overlay that could avoid shoulder-surfing." And that's not all. Brill has seen people talk on cell phones "as if they had the old Maxwell Smart Cone of Silence from the 'Get Smart' series." Also, he says, "Lose the briefcase that has 'Computer Inside' written all over it." In other words, if your case says "IBM" or "HP" or "DELL" or even a well-known manufacturer of computer bags like Targus, you've increased your radar profile for thieves, he says. There are lots of less conspicuous bags out there that can help you avoid being the next victim. "Use common sense," says Zulfikar Ramzan, a senior principal engineer at Symantec.
11. Consider data-level security precautions.
These add yet another layer of security to your documents, protecting them from would-be thieves. "There are cost-effective security solutions on the market that are easily integrated with Microsoft products like Exchange, SharePoint and the Office suite," says Tom Klaff, chief executive of Surety, a Reston, Va., provider of digital record notary services and timestamping. "They provide a simple way for small businesses to benefit from these solutions without radically changing existing IT policies and procedures."
12. Don't leave well enough alone.
If you're really concerned with security, these precautions just represent a good start. Experts say you should always be working to improve your safeguards, even as the bad guys try to crack your defenses. "You have to control who can access your data," says Andy Solterbeck, a vice president of product management at SafeNet, a Baltimore-based company that develops protection and cryptographic-based solutions for business and government. For companies that are serious about security, "a user ID and password are not good enough. There should be some form of two-factor authentication, like a Smart Card, USB token or SoftCerts. But do not rely [solely] on passwords," he says.
Keeping your data safe while you're out of the office is an ongoing challenge. And, says John Clancy, president of Boston-based backup solutions provider Iron Mountain Digital, "It's top of mind for executives these days." But with a few precautions and by taking a long view on mobile security, you can make sure your company's valuable information doesn't fall into the wrong hands.