Thursday, September 17, 2009

From Privacy Academy - The Seven Step Program

Sounds like common sense, but it is food for thought -- and will be required under new Massachusetts data security regulations:

The seven easy ways to protect PC based information from theft

The proliferation of Personal Storage Devices (thumb drives, iPods, USB external hard disks, etc.) and simple remote access has created unprecedented levels of convenience and, at the same time, a substantially increased risk of data loss. Pocket-sized external USB storage devices can put hundreds of gigabytes of data storage at your fingertips, which is easily enough space to house an industrial-strength database or thousands of documents, spreadsheets, photos and other sensitive information. With the right software installed, these devices can be configured to automatically transfer data off any machine into which they’re plugged. This can be a convenience for the owner of the data, or for the Bad Guy an easy way to potentially access and steal your data. Exploiting this type of threat is very inexpensive and does not take expertise.

Securing your environment is very easy and involves a multi-tiered Best Practices approach including:
  • Creating and enforcing sound policies and procedures that lock down the system BIOS on all computers processing, storing or transmitting data.
  • Creating a logon requirement that uses password and/or biometric authentication every time the PC is turned on.
  • Requiring the use of strong passwords that contain a minimum 7-character combination of both alpha and numeric symbols.
  • Never sharing or writing down your passwords.
  • Automated forced changing of passwords every 60 days.
  • Locking the PC after 10 minutes of inactivity to prevent unauthorized access to the machine and its data when the user steps away.
  • Turning off the PC when it is unattended for long periods of time. This one is an often overlooked critical step. If it’s on, it can be accessed remotely.
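As an added example (my own, not from Privacy Academy or the Massachusetts regulations), here is a PowerShell script that applies the three numeric settings from the list to a standalone Windows PC and then reads them back; the function and variable names are mine, and it assumes an elevated prompt and English-locale `net accounts` output.

```powershell
# Added example: enforce and verify the list's numeric settings on a standalone Windows PC.
# Assumes an elevated PowerShell prompt; domain-joined machines get these from Group Policy instead.

# 1. Local account policy: at least 7 characters, forced change every 60 days.
net accounts /minpwlen:7 /maxpwage:60 | Out-Null

# 2. Lock the workstation after 10 minutes (600 s) of inactivity.
#    Machine-wide policy value (Windows 8 / Server 2012 and later):
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $policy -Name InactivityTimeoutSecs -Value 600 -Type DWord
#    Per-user fallback for older systems: password-protected screen saver after 600 s.
$desktop = 'HKCU:\Control Panel\Desktop'
Set-ItemProperty -Path $desktop -Name ScreenSaveActive    -Value '1'
Set-ItemProperty -Path $desktop -Name ScreenSaveTimeOut   -Value '600'
Set-ItemProperty -Path $desktop -Name ScreenSaverIsSecure -Value '1'

# 3. Read the settings back so the result can be checked by hand or logged by an audit job.
#    (Test-PcLockdownBaseline is a name chosen for this example.)
function Test-PcLockdownBaseline {
    $text = (net accounts) -join "`n"            # English-locale output assumed
    $minLen = if ($text -match 'Minimum password length:\s+(\d+)') { [int]$Matches[1] } else { 0 }
    # 0 means "Unlimited" or unparsed output; both count as non-compliant below.
    $maxAge = if ($text -match 'Maximum password age \(days\):\s+(\d+)') { [int]$Matches[1] } else { 0 }
    $lock   = (Get-ItemProperty -Path $policy -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
    [pscustomobject]@{
        MinPasswordLengthOk = $minLen -ge 7
        MaxPasswordAgeOk    = ($maxAge -gt 0) -and ($maxAge -le 60)
        InactivityLockOk    = ($null -ne $lock) -and ($lock -gt 0) -and ($lock -le 600)
    }
}

Test-PcLockdownBaseline
```

The BIOS lockdown and the "never share passwords" items are not scriptable in this way; those stay policy and, where the firmware supports it, a supervisor password set by hand.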