Lock it down: Laptop Security requires multiple strategies.

Author: Holl, Suzanne M.
Position: Technews

Missing laptops continue to cause losses for many CPA firms, especially in terms of user productivity, billable hours and business opportunities. Even worse is the possibility of a client data breach, the costs of which are significant. Along with the expense of notifying clients whose personal information has been compromised, data breaches affect client willingness to continue doing business with the organization that failed to protect their information. A 2007 study by the Ponemon Institute put such costs at $197 per compromised record, or $1.97 million for a database of 10,000 records.

Most experts agree that there is no silver bullet that will solve all of the problems associated with laptop security. The best security comes from written policies and procedures, well-trained personnel and the steady application and enforcement of policies and procedures, including adequate safeguards in the event of a potential data breach.

Policies and Procedures

Establishing written policies causes managers to carefully consider the issues involved in the custody and care of laptops, including physical security (as in locking laptops to a desk or equivalent item), building security and access codes or keys. Policies should provide for the "least privilege" rule, in which users do not have any more rights or access to a laptop or program than they need to have, and should address the procedures that help secure information, such as:

* Backup copies of all important data, stored and secured away from your office location, with sensitive information encrypted;

* Installation of firewalls and secure configurations, including programs to scan for and counteract viruses, malware and spam;

* Encryption of all confidential client data at all times; and

* Use of strong passwords and authentication.

Each of these steps is important, but none is sufficient by itself for the adequate protection of sensitive information. For instance, a strong password is invaluable, but difficult to remember and, as soon as the user writes it down, it loses some of its protective value. Encryption of client data is also a necessity, but it can be unlocked or decrypted with a password or key.

'Track and Trace' Data Elimination

Policies and procedures that operate without user involvement appear to be most effective in reducing vulnerabilities. Software applications that bring such security include "track and trace" and data destruction programs.

Track and...