Safeguarding
Computer Data
Your
organization's computer information is too precious
even to put a dollar value on it. But one thing is clear:
If the data are lost or stolen, the results could be
disastrous—not just for your enterprise but also for
your clients, customers and suppliers. So give data
security high priority. Here are nine security tips
every organization should consider.
- Require all employees, vendors and contractors to
sign statements that legally bind them not to disclose any of the
company's confidential computer data.
Back
up data on all computers (desktops and laptops) on a regular
basis.
- Prepare policies that govern what data users can
download onto laptops (which are more vulnerable to loss or
theft).
- Don't allow users to "script" their
Intranet user IDs and passwords on desktops. (Scripting passwords
is a technique used whereby computers are programmed to remember
a user's ID and password and enter it automatically when that
information is requested. Although it saves time, it weakens
security.)
- Don't let users script their remote-access user IDs
and passwords on laptops.
- Limit Internet access to those who have a business
purpose.
- Make "boot-level" passwords mandatory for
all users. (A boot-level password is a code a user must enter
before a computer will boot up, or start.)
- Classify all data by their importance, and enforce
relevant access restrictions.
- Require employees to use "file-level"
passwords on files that contain sensitive or confidential
information. (A file-level password is one that must be provided
before a user can open an individual file.)
Adapted
from 4th Annual Information Security Survey: Analysis of Trends, Issues &
Practices, published by Ernst & Young, LLP.
©1999 AICPA
