Many small companies “live and die” with technology in this fast-paced environment. Accordingly, you are obligated to take threats to your computer system seriously. But it may come as a surprise to you that unauthorized use does not usually come from the outside; it can be found inside your own company. In other words, employees are often the prime source of the security problems.

Case in point: An employee may unknowingly create security problems by sending
e-mail attachments to other users in the office. This could result in the spread of computer viruses or worms. Similarly, if an employee unwittingly sends attachments outside the office to clients or other parties, it could cause a security breach. Of course, the situation is magnified for employees who are carrying a grudge.

What can management do to avoid these problems? One possibility is to establish classifications for data based on the permissible use. For example, data may be labeled as public, internal, restricted and confidential. By implementing these classifications, employees would not be able to gain access to data without the requisite clearance.

It is recommended that you take additional security measures for laptops used by employees who frequently travel on business. For example, an employee might leave a laptop at the airport or in a taxicab. To protect against a potential disaster, you can restrict access to sensitive information to the in-house network. Although it might be inconvenient for employees, limited information would be allowed on laptops. But this method is not foolproof.

Alternatively, your company may use Basic Input/Output System (BIOS) passwords on laptops. Although BIOS passwords can still be circumvented by sophisticated hackers, they are a viable deterrent to most outsiders.

Yet another idea is to use full disk encryption in combination with BIOS passwords and restricting sensitive data on laptops. This would enable the entire disk to be encrypted (i.e., it is unreadable to everyone except for authorized users). This has proven to be the most effective solution for a number of companies.

If your company is using USB drives, be aware that these devices can easily transfer data. If an employee loses a USB device, the information is available for virtually anyone to see and read. As with laptops, use of encryption may be the best solution.

Last, but not least: Utilize the benefits of employee training sessions. Make sure your workers understand how an e-mail can easily be retrieved by a competitor or some other outside force. Don’t leave this to chance.