Let’s see—the only way I can think of is to never share any client data with your employees—ever. Even without computers, if an employee is privy to client data, they may “steal” that and use it for other purposes.

The goal is to protect private client data—and you may choose to never enter that into a computer system your employees can access—or never enter it into a computer at all.

If your employees do want to access client data, and you just do not want the employees to be able to easily take large amounts of information, the challenges increase dramatically. Even so, the possibilities are closer than you may realize. Thanks to application delivery and virtualization technologies, you can allow employees to work from home, or the office, without having information stay resident on their computer. You can also restrict them from being able to:

• Save to a local drive
• Print information
• Copy and paste outside your protected space
• Or otherwise retain any information

However, there is little to stop an e-savvy employee from using a digital camera to take a screenshot, or using a yellow sticky note to write down someone’s credit card information or social security number. At least these kinds of activities take “time,” so you are restricting the speed of stealing data.

For what technology cannot solve, your corporate legal advisors can step in. They can help you with non-disclosure agreements, acceptable usage policies, and other agreements for your workers to sign. The key point here is that these do not necessarily prevent the theft, but they do provide you some recourse if the employee is ever caught.

There is even IT data security insurance. If your insurance provider does not offer this service, or if you want to shop around, I know someone who does offer IT security insurance.

In some organizations, prevention is crucial. Once the data gets out, the organization may be damaged beyond repair.

To prevent an employee from e-mailing themselves a client list, there are Data Loss Prevention DLP tools available in the world. They watch for suspicious behavior and can quarantine such messages before sending them out. That delay gives the responsible person in your organization the opportunity to stop the data before it leaves.

There are other strategies as well:

• Provide people with only the information they need to know. A good book full of these examples is Blind Man’s Bluff: The Untold Story of American Submarine Espionage by Sherry Sontag and Christopher Drew.
• Rotate employees through specific duties so their time to do harm is limited.
• Force employees to take mandatory vacations during which time illegal behaviors may be detected.
• Have a separation of duties such that it would be difficult for one employee to commit fraud all by themselves.

While “total protection” may result in your employees not being able to function, there are strategies that can provide you with both productivity and security.

Please post your comments on the blog.

It is beneficial, every year or so, to have someone in your organization shop around for data service rates for your business.

Most of my clients report findings such as, “We now have twice the data rate for one half the price!”

If you have not shopped around lately, now is a great time to do so! Remember to call telephone companies, cable services, fiber providers, and even fixed wireless if it is available in your area.

If you have multiple locations, you may even find that an MPLS solution, where the telephone company handles much of the traffic routing between locations, is a good option for your organization.

After you save money at the office, have your users check their homes as well. I just upgraded our home to a new provider for half the price that is providing two thirds of a T3’s speed for downstream data—speeds I’d only dreamed of before. The Internet is a whole new experience at these speeds! Remember too that commercial service to your business will cost more than residential service to homes, as well as often provide much faster upstream connections than residential services.

Please post your findings on the blog.

If you suffer a data breach or lose a laptop, you may be required to send out letters notifying everyone who has ever done business with you of the possible loss of data.

One of my clients explained that the costs can soar to $5 per person to locate and notify people you’ve done business with. That’s $5,000 for every 1000 people you’ve served!

Additionally, there may be fines levied against you. For example,  in April 2010 the Financial Regulatory Authority fined the brokerage firm D.A. Davidson & Co. in Montana $375,000 after a hacker broke into their servers.

More and more, my clients and audience members are asking about IT security insurance to augment your protection. There is even IT data security insurance. If your insurance provider does not offer this service, or if you want to shop around, I know of an agency that does offer IT security insurance and can write coverage anywhere in the USA: Andy Burkart, CPCU, of Burkart-Heisdorf Insurance Agency. The phone number is 800-989-6174.

I am NOT an insurance professional, so I encourage you to post any information and comments on this blog.

When I use a tool that easy, it is so refreshing.

So much better than the usual, “What do you want? Enter. Are you sure? Are you sure you are sure?” etc. Additionally, think of recent changes Microsoft implemented in their interfaces. On the downside, many people are less than impressed with the new Microsoft Office ribbon menu system. On the upside, Windows 7’s interface has many features I find much more appealing than XP’s interface.

Many people rave at the engineering Apple puts into their products and almost everyone can see why. Xerox shipped the first mouse but Macintosh made it famous. The iPhone definitely made a permanent mark in personal IT history.

One of the next biggest advancement opportunities is voice recognition—and that’s better than you think already. I wonder what the next widely adopted user friendly interface change will be? If you want to, post your ideas and comments in this blog.

If you make your passphrase something like “remember to finish the security project by next month,” you can write it down on a piece of paper and stick it on your monitor. If someone sees that stuck to your monitor, they will think it is just a reminder note (which it is). Another example of a passphrase that would be hard to break is “take the family to go snow skiing in Colorado at night.” That password is much more secure than “@ppl3E5.”

Of course, if you save a file on your hard drive with all your passwords, nothing can help you if a criminal, or even a worker in your own office, finds the file.

I am using Windows 7 64-bit on two of my production machines, including the main laptop I carry to clients, and the machine is working very well. I am thrilled because the computer performs around four times faster than XP 32-bit ever did on this hardware. I am able to get more done in less time than ever before and that made the conversion worthwhile.

I invite you to post your Windows 7 experiences in this blog.

The executives explained they refer to their IT professional as “Poof” because, every time they tell him something that needs to be done, “poof” he is gone off to fix the problem. About 2 weeks after I performed an IT review at their organization, he had indeed implemented a huge number of the recommended improvements. Excellent – and much faster than many of the organizations I audit.

I asked the IT professional if he minded the nickname, and he said he liked it “because it kind of fits.” Nicknames are pretty common in many areas – especially the military.

If you want to, post a comment to this blog entry with any endearing nicknames you use to identify your IT professionals and why they earned it.  And, since many IT professionals read this blog as well, feel free to post nicknames you feel you have earned – as long as they are endearing.  This is your chance to be recognized!

This is a horrible mistake since your IT team needs your help and support in making the network secure.

If your organization ever has a breach, you may be found negligent if you are not practicing due care and due diligence in maintaining IT security. The IT security at most small to midsize businesses is, if I may speak frankly, a joke!

Many IT professionals are already facing insurmountable odds trying to keep employees productive and pleased with too few resources and too little knowledge about more modern tools that could make their jobs much easier. Understand that, when it comes to IT, “modern” can refer to a technology that was created recently. Much of the technology created 3 years ago is so “outdated” that you are losing valuable ROI by not upgrading. Note that Windows XP is an exception to this rule – stay away from Vista at your offices unless your IT professionals are ready for and requesting the move.

If you or users in your company travel, ask yourself if there are any documents they could scan to increase productivity and improve the service you provide your customers.

Most of the portable scanners are about the size of that cardboard tube that is “left over” after you finish a roll of paper towels. The scanner easily fits in a briefcase or other piece of luggage.

Many of them perform OCR Optical Character Recognition so you can copy and paste text into other applications. Some scanners even come with software that creates expense reports automatically.

This can even be part of the “Green” movement. If you want to, the next time you need to make copies of a document to “hand out” to a group of people, scan the document instead and send it electronically to the people.

While that strategy may help some, it is far from being a reliable way to protect your network. First of all, without performing some technical detective work, it is hard for a non-IT professional to tell who the e-mail came from anyway. You may get an e-mail from a cybercriminal who uses “spoofing” to make the e-mail message appear that it is coming from your best friend, bank, the FTC, or anyone else.

Better protection comes from scanning tools running at one or more locations including your e-mail server, your firewall, your spam filter, and the anti-virus client on your local machine.

Training users “not to open e-mail from strangers” is a moot point if your user is supposed to open e-mail messages from prospects interested in your company’s products and/or services.  There is some training that matters though…

Train your users to NEVER click on a link in an e-mail message. The link may say to the user, “click here to read an important announcement about your future employment at this company” and the link underneath may take the user to, “hose the network now dot com.”

Also train the users to never send out any private information in an e-mail message or attachment. The message can be misaddressed, intercepted or forwarded to the wrong person. If something is private, it needs to be encrypted using an effective encryption method. In another blog entry I addressed data loss prevention tools that can even help identify these messages and stop them before they leave your organization.

If your executives or other users use the strategy of “not opening mail from someone they don’t know,” that is a red flag alerting you to a problem you can resolve ASAP.