Security Articles

Information Security for Non-Geeks

Brokers often think that protecting consumer and employee’s personal and financial information is something for computer geeks to do, but many recent high-profile security incidents have had nothing to do with computer settings or the IT department. Besides storing sensitive information on computers, such information is stored in printed reports, voicemail, faxes, on office computers, laptops, PDAs, system backup tapes, and forms.

Improving your physical security can dramatically lower the risk of information theft and reduce your liability. For example:

Building and Work Area Security. The office should have a high quality lock and monitored alarm. Screen and supervise building personnel, and always accompany office visitors. Non-employees should never be allowed access to employee computers or access the network - wired or wirelessly. Installing office web-cameras is an inexpensive way to track comings and goings after hours.

Document Security. Fax machine areas and file cabinets where sensitive information is received or stored should be secured. Documents with sensitive information should never be left unattended rather always locked up. Cross-cut shred unneeded documents.

Computer Theft or Misuse. Use a laptop cable to make computers more difficult to steal. Servers should always be locked away - someone with physical access can bypass even the best technical countermeasures.

Portable Electronic Media and PDAs. Always store portable media such as PDAs, CDs, external hard drives, backup tapes and flash memory drives - in a secure locked location. Before selling or throwing away such media, you should use a software utility designed to overwrite sensitive information. Always shred data CDs before disposal. Real estate practitioners are guilty of losing hundreds of PDAs each year, many of which contain private or sensitive information about their clients, yet hardly anyone uses the password protection feature because that would be “inconvenient” – just do it!

Office keys: Even if you collect keys when employees leave, keys are easy to copy. Either regularly replace locks or ideally, use a magnetic badge system that tracks comings and goings. That way, when an employee leaves, you simply disable their badge.

Look around your office for all the places where you store sensitive information, and please consider taking some the above steps to protect that information. You don’t have to be a “computer person” or “geek” to help protect sensitive information from misuse in your company!

Next month – how the ‘non-geek’ executive can achieve an appropriate level of oversight over information security.

About the author: Matt Cohen is Clareity Consulting's Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops and leadership retreats around the country on security related topics, and is a well-regarded real estate industry expert on software design, product management, project management, data center reliability, scalability, and security. Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses.

Home Page  |  About Clareity  |  Services  |  Clients  |  Publications  |  Events  |  Contact