2012年5月7日星期一

Simple security for sensitive info

Even when Brad Compton, a 36-year-old mortgage broker, is on the road, his concerns about technology and security are never far behind.

"In a business like mine, where I deal with people's confidential personal information, security is a paramount concern. I take it very seriously," he says.

That means mortgage deals are handled over a secure Internet-based system, not via fax.

For less-sensitive documents, Compton uses cloud-computing services, such as box.net and Google Docs. "Both give me easy access to my documents from my computer or smartphone. I don't need to worry about my computer being stolen and having sensitive information falling into the wrong hands."

Technology can be a boon for owners of small and medium-sized businesses looking to cut costs or operate more efficiently. Security concerns that go along with that technology can resemble a burden: Costly and complex.

Experts say it doesn't have to be that way. In many cases, the best ways to make your business more secure can be as simple as taking the time to use passwords or encryption software.

For instance, if you or your employees use a smartphone, make sure it's password-protected, says Joe Compeau, a lecturer on information systems at the Ivey School of Business at the University of Western Ontario.

That way, if someone gets their hands on the phone, they won't be able to access your email, calendar or list of contacts.

Many small businesses fail to install encryption software on their hard drives to protect the information on the computer or laptop if it is lost or stolen.

"The biggest concern is not hackers, but people just walking out with computers," Compeau says. "This is an extra step, that's not a big step, but it really brings your security level up."

Malware may be lurking in dodgy websites or pop-up ads. Failure to detect malicious software or programs that secretly record a user's keystrokes can be a critical security lapse for small businesses, says Jason Ernst, a post-graduate computer science student at the University of Guelph who runs an IT consulting business.

Hackers and thieves use malware to get bank numbers, user names, and passwords. The best prevention is antivirus and antimalware software.

If you're using free or publicly accessible wireless, known as Wi-Fi, be aware that these networks may not be secure and may be an easy way for others to capture the data being transmitted.

"If sensitive data is being transmitted over a wireless network that is not secured, say at an airport or other public space, it is possible for a malicious person to capture the data easily," Ernst says.

If you collect personal information from customers, give some thought to why you do it, what you do with it, and whether it's really necessary.

"If it's not necessary, stop doing it," Compeau says. "If it is, you need to put in rules about who gets to see it and who has access to it. You really need to think about it and create a plan."

A survey recently commissioned by Shred-it found that while businesses rated protecting and safeguarding customer details as a top priority, nearly a quarter had no protocols in place for storing or disposing of confidential data.

Almost half believed their business would not be seriously affected if company data or customer information was lost or stolen.

But the consequences of loss or theft - flight of customers and reputation - can be huge, says Mike Skidmore, Shred-it's chief security officer.

Instructions on how to handle customer data or confidential information should be built into the basic workings of companies of all sizes, he says.

没有评论:

发表评论