Most company directors use laptops or netbooks to keep data available when away from their offices, but many do not have any sort of security installed.
Most will have anti virus software installed and many will have a password to log-in. A few will have basic systems in place to prevent data being exported to a memory stick or CD. Some may even have encrypted files.
The main security should ensure that the machine is physically secure. i.e. not left unattended.
The second level must include a secure log-in procedure, i.e. a complex password system, changed regularly.
The third level should ensure that any sensitive data is protected by a second level of security. i.e encryption or second factor authentication.
One of the best methods is to have the laptop as a dumb terminal, holding no data and used to access data in the cloud or on a company server. This does however require a secure internet connection. i.e https:/ but today the loss or corruption of data can have very serious consequences.
My own laptop is kept in a secure location; it has a steel cable attaching it to an immovable object when out of my sight. I use two levels of password and my sensitive data drive is fully encrypted.
I know that a good hacker could get round all my security but I have made it less attractive. There is a balance to be made; really tight security means it is difficult to do anything; too lax and it is possible to lose or compromise data. Somewhere in between must be the aim.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment