Data destruction: taking laptop security beyond passwords, encryption.For some time, you've been reading about the risks of data exposure. And while we believe that businesses have gained the upper hand in dealing with hackers, a new threat is emerging--lost or stolen PCs, specifically laptop computers. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. research firm IDC, as much as 60 percent of corporate data resides unprotected on desktop and laptop computers. Client information, intellectual property, customer identity files, financial plans and other sensitive information are just one misstep away from compromise. And according to a CSI/FBI survey, one in 10 laptops will be stolen. Of these, less than 3 percent will be recovered. The potential cost of even a single lost PC, including negative publicity, regulatory non-compliance and legal liability can be staggering. State and federal lawmakers have stepped in with legislation to better protect personal identity information, including the California Security Breach Act (SB 1386), which mandates a business that owns or licenses electronic personal information must disclose any security breach of the system to any resident of California whose personal information was, or reasonably believed to have been, acquired by an unauthorized person. Other federal legislation includes the Health Insurance Portability & Accountability Act There are a number of piece of legislation known as the Accountability Act:
Clearly, companies must take absolute care to ensure data security. But where to begin? IT professionals have stressed the use of strong passwords, data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign , tokens (a portable user authentication See authentication. device that is usually read or plugged into the computer), biometrics and data backup plans. However, security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security such as strong passwords too often rely upon the end-user for efficacy. Users routinely select passwords that are easy to remember--birthdates, children's names or other personal information--so they can access their computer quickly. While easy to remember, these passwords also are easily cracked via multiple means. But laptop security is moving to the next level, from a system that relies on the user for security to one that puts controls in the hands of the business. DATA DESTRUCTION An emerging data protection plan is data destruction--software that can reach out and eliminate data from a computer after the business has lost the device. Data destruction provides an absolute, final step in ensuring that behind authentication, no matter how robust, sensitive data is not exposed to unauthorized eyes. Data can be destroyed by a variety of trigger mechanisms. If a client/host communication can be established, destruction commands can be pushed down from a host server and executed on the lost or stolen laptop. This is a fairly straightforward process, but requires a network connection. Since a business can't be assured that a laptop will again connect to the internet, other triggers should be established to eliminate sensitive data. Such triggers can be based on pre-set rules and conditions, including maximum time between communication events or number of unsuccessful login attempts. If either of these behaviors violate or exceed parameters that the company has established, the data should be eliminated. In this instance, the user has access to the data for that finite amount of time the company establishes. That period, however, can be extended when the user checks in with the server and provides proper authentication. [ILLUSTRATION OMITTED] Data destruction provides further assurances that the company can exercise control over the data for which it's responsible, even if the hardware is outside its control. Destroyed data is the only data that a company can be sure will never be compromised. Computer users should be focused on productive mobile computing Using a computing device while in transit. Mobile computing implies wireless transmission, but wireless transmission does not necessarily imply mobile computing. Fixed wireless applications use satellites, radio systems and lasers to transmit between permanent objects such as buildings tasks that generate returns for the company, and not security compliance. To do so, the company must have the tools that provide control over the data that resides on laptops--no matter how far they stray from the confines of the traditional network. BY CAM ROBERSON, MBA MBA abbr. Master of Business Administration Noun 1. MBA - a master's degree in business Master in Business, Master in Business Administration . AND DOUGLAS J. RUSCH, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. Cam Roberson, MBA, is director of marketing communications Marketing communications (or marcom) are messages and related media used to communicate with a market. Those who practice advertising, branding, direct marketing, graphic design, marketing, packaging, promotion, publicity, sponsorship, public relations, sales, sales and Douglas J. Rusch, CPA, is controller for Santa Clara-based Beachhead beach·head n. 1. A position on an enemy shoreline captured by troops in advance of an invading force. 2. A first achievement that opens the way for further developments; a foothold: Solutions. You can reach them at croberson@beachheadsolutions.com and drusch@beachheadsolutions.com, respectively. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion