Taking note of data protection

04/03/2003 - 21:00


Save articles for future reference.

Too many business operators fail to appreciate the need for tight security with regard to notebook computers, as Julie-anne Sprague reports.

Too many business operators fail to appreciate the need for tight security with regard to notebook computers, as Julie-anne Sprague reports.

FAILURE to provide sufficient security for a notebook computer is the equivalent of leaving all your company documents and access codes in the back seat of an unlocked car, parked on a busy street.

While the analogy may sound extreme, according to IT consultants contacted by WA Business News, a lack of security makes the theft of machines easy and access to data even easier.

However, according to the same IT consultants, security for an increasingly important everyday business tool and asset is not a priority for users.

According to Abacus Perth store manager Brad Delacy, notebook security is not only a low priority for customers, it is not even a consideration.

“It is not often we get asked about security. Most systems don’t have security devices because the consumer is not demanding it,” Mr Delacy said.

While security features were available for notebooks, they were rarely a determinant for a sale, he said.

The lack of awareness and a failure to understand the risks associated with loss of data comes as no surprise to many IT consultants.

According to Kinetic IT director Phillip North, not enough people backed up their work – a process by which information is stored on another device so that, in the event that the physical machine is stolen or misplaced, there is still a way to obtain the data contained on it.

“If your notebook is stolen, having your data backed up could mean the difference between your business surviving or not,” Mr North said.

“Should your data fall into the wrong hands it could have equivalent consequences.

“There are systems that back up your work automatically. Programs such as Veritas Netbackup Professional and CA Lifeguard back up your data automatically. It sits within the notebook and when you access the network it will automatically save updates to the network.

“This is useful for people working offline. Most people have a dial-up modem and it can be slow to access information; back-up systems help back up your work when you are offline.”

Millennium (Australasia) operations manager Justin Lowe agrees that too many people did not have good back-up procedures.

“If there is a back-up system in place it needs to be thorough, you need to store a back-up tape or disk offsite. If someone breaks in and steals everything you do not want the back up stolen as well,” Mr Lowe said.

He said determining how often to back up systems was a matter of potential costs.

“Basically you need to ask yourself: ‘what can I afford to lose and have to retype if it were lost?’”

Safeguarding your data will only help you gain access to those lost documents, however. It does not prevent someone else reading them or accessing the company’s net-work systems.

In order to prevent security breaches companies must use encryption technologies, according to Mr Lowe.

“The first piece of advice I would give people is password protection and encryption,” he said.

“With encryption, if the unit is stolen the person has to work out the encryption before they can access anything.

“It’s prohibitive because it takes more than just passing knowledge to break it.”

Mr North said encryption was essential to portable communi-cations security, but programs that claimed to offer state-of-the-art security, such as finger print scanners, might not prevent data theft when used in isolation.

“It doesn’t stop me pulling out the hard drive and putting it in another machine and accessing the data,” he said.

Encryption will also help protect data sent by people working at home, or on the road, who use Virtual Private Networks (VPNs).

“But encryption does take up a lot of bandwidth. Some robust encryption can take up to half of your bandwidth,” Mr North said.

Passwords are also a key to keeping information secure.

Mr North said many users made the mistake of storing Internet passwords on their machine, usually to provide them with quick access to important Internet sites and information.

“What do you use the Internet for? Those contacts and data can be accessed easily if you have the passwords for them stored on your machine,” he said.

Mr North said many people were not taking security issues seriously enough.

“You only have to see the number of notebooks that are left on the back seats of cars to know it’s not a priority,” he said.

Mr Lowe said implementing secure passwords was the same as protecting passwords for your bank account.

“Would you write your PIN on your eftpos card? Leaving pass-words on your machine is the same thing. I can always look over your shoulder at the ATM and then try and obtain the card but it makes it much harder to access,” he said.

Mr North urged employers to be more pro-active with password enforcement.

“Blank passwords are surprisingly common. Employers should adapt stronger password and overall security policies. Prefer-ably they should utilise tools that will prevent their staff from marginalising corporate security,” he said.

Passwords should never include personal information such as a username, spouse name or the family pet’s name. Mr North said it should be a combination of upper and lower case letters and numbers.

“Of course the level of password protection and requirement for employees to regularly change them will depend on the individual company’s adaptability to the technology,” he said.

Good staff exit procedures would also help maintain a good level of security.


Subscription Options