Let’s see—the only way I can think of is to never share any client data with your employees—ever. Even without computers, if an employee is privy to client data, they may “steal” that and use it for other purposes.

The goal is to protect private client data—and you may choose to never enter that into a computer system your employees can access—or never enter it into a computer at all.

If your employees do want to access client data, and you just do not want the employees to be able to easily take large amounts of information, the challenges increase dramatically. Even so, the possibilities are closer than you may realize. Thanks to application delivery and virtualization technologies, you can allow employees to work from home, or the office, without having information stay resident on their computer. You can also restrict them from being able to:

• Save to a local drive
• Print information
• Copy and paste outside your protected space
• Or otherwise retain any information

However, there is little to stop an e-savvy employee from using a digital camera to take a screenshot, or using a yellow sticky note to write down someone’s credit card information or social security number. At least these kinds of activities take “time,” so you are restricting the speed of stealing data.

For what technology cannot solve, your corporate legal advisors can step in. They can help you with non-disclosure agreements, acceptable usage policies, and other agreements for your workers to sign. The key point here is that these do not necessarily prevent the theft, but they do provide you some recourse if the employee is ever caught.

There is even IT data security insurance. If your insurance provider does not offer this service, or if you want to shop around, I know someone who does offer IT security insurance.

In some organizations, prevention is crucial. Once the data gets out, the organization may be damaged beyond repair.

To prevent an employee from e-mailing themselves a client list, there are Data Loss Prevention DLP tools available in the world. They watch for suspicious behavior and can quarantine such messages before sending them out. That delay gives the responsible person in your organization the opportunity to stop the data before it leaves.

There are other strategies as well:

• Provide people with only the information they need to know. A good book full of these examples is Blind Man’s Bluff: The Untold Story of American Submarine Espionage by Sherry Sontag and Christopher Drew.
• Rotate employees through specific duties so their time to do harm is limited.
• Force employees to take mandatory vacations during which time illegal behaviors may be detected.
• Have a separation of duties such that it would be difficult for one employee to commit fraud all by themselves.

While “total protection” may result in your employees not being able to function, there are strategies that can provide you with both productivity and security.

Please post your comments on the blog.

You can watch the short video on this story. Keep in mind that more and more social media tools are offering a service, sometimes turned on by default without your knowledge, to broadcast your GPS position.

Choose your friends online wisely. Watch two videos that demonstrate this principle:

• Facebook Identity Theft: Office Romance Goes Wrong When Facebook Profile is Hacked
• Car Wreck Car Crash and Social Internet Safety

For suggestions on how to be safe online using social media, visit www.learntobesafeonline.com

I am running Windows 7 on two of my machines and am impressed so far. This seems to be what I expected from Vista finally delivered.

More Power: One of the biggest reasons I want to let go of XP and move to Windows 7 is that the 64-bit version of Windows 7 can take advantage of more memory and processing power, and it seems the drivers are catching up better than in the 64-bit version of XP.

More Security: Eventually, and likely even out of the box, Windows 7 will be more secure. Poor old XP was released when most of us would use our telephone modem (remember those screeching sounds?) to connect to the Internet whenever we wanted to browse the web or use e-mail.  It is time for the new generation of operating system.

So should you switch ASAP? Yes, on one or two computers.  No, definitely not for the entire office until you thoroughly test one or two computers first to be sure they will be stable with all of the applications your office uses. Then, after that, you will probably want to start upgrading all of your machines.

There are documented problems of employees “taking data home to work on it” and then they lose their memory stick, hard drive, or laptop and the data falls into the wrong hands.  Other employees copy data and send it to competitors. In addition, often, users unwittingly send out private information through insecure channels.

For example, if you stop users from being able to plug in USB memory sticks and portable hard drives, they will burn the data to CD’s or DVD’s. If you stop them from using CD’s and DVD’s, they will e-mail the information to themselves. If you stop them from e-mailing the information through your server, they will get a web mail account and use that to e-mail the data. If you manage to block sending data through webmail, they will find a remote access tool that allows them to transfer files to a remote computer. And so on – it seems that “plugging the holes” is next to impossible.

This is where Data Loss Prevention tools come into play. They restrict users from intentionally, and even unintentionally, sending out private information through any means.

These systems monitor to detect and prevent sensitive information from leaving your organization through any means. If you approve for some users to use removable media such as an external hard drive or USB memory stick, the media can be automatically encrypted without the user knowing what to do.  Some software will even stop users from using the “print screen” option to steal data that way.

When a user unintentionally attempts to copy data, a window pops up explaining that their attempt was blocked and why. This helps educate users about what is and what is not acceptable. This kind of real-time feedback can also generate logs for managers who are looking for trends in employee behavior.

If your organization has intellectual property, private information, or falls within government regulations, it is time to talk to your IT professionals about implementing data loss prevention technology.

The simple solution? Have your IT professionals use full disk encryption on all laptops and then even the desktops. This means the data is scrambled on the device until the user enters their normal login. The setup is simple, the computer remains fast, and the user needs no additional training.

If your IT department isn’t setting up full disk encryption for all computers yet, ask them to start today.

Some people choose to use a different browser other than IE. I use Firefox, Chrome, and Internet Explorer depending on the task. You may choose to switch browsers or use other browsers as well. Just keep in mind that ALL browsers need to stay patched and current. If your organization uses WSUS for patches, keep in mind that WSUS will patch IE but will not patch Firefox centrally – a reason to consider staying on IE.

The most important thing is, no matter what browser you use, be sure to keep all the applications, operating systems, and firmware in your devices patched with the latest security patches. If you continue to use IE, be sure to backup your computers and apply the patch using a staged deployment when Microsoft releases the patch on Wednesday.

What if there are virus infections on the outsider’s computer? What if those viruses infect your network?

What if the user performs an illegal behavior using the Internet? The police will come to your office looking for the perpetrator.  If you provide an unsecured wireless network, the suspect may have been outside your business in a truck in the middle of the night when he broke the law using your Internet access.

Take steps to control this including:

• Teach everyone in the organization how dangerous it is to connect unauthorized computers to the network – wired or wireless.
• If the executives agree to deny guest computers all together
  • Have a strong written policy that people sign saying that NO computers will ever be connected to the internet without the IT professional’s prior approval
  • Securely encrypt wireless networks (and if your IT professional still thinks WEP encryption is secure, have them search Google for WEPCRACK sometime)
  • Your IT professionals may choose to use other technology solutions that monitor for unauthorized connections and potentially deny them access such as http://www.laneye.com.
  • Encourage your guests to sign up for their own connections such as Verizon, Sprint, or AT&T broadband access. These connections can be used in almost all populated areas.
• If executives feel they must offer access to guest computers during conference meetings and/or other times
  • IT may implement a form of endpoint security that makes sure the connected laptop meets specific requirements (updates, anti-virus, etc) before being allowed to connect
  • IT may implement password security using, for example, RADIUS or Cisco authentication for guest computers.
  • Put any unprotected wireless access points on a hot tub timer so they turn themselves off automatically after an hour or two.

In addition, I see many IT professionals come up with the idea of signing up for a separate broadband connection such as a DSL or Cable link for the exclusive use of guests for Internet access.  Yes, this will help protect our network from the guest’s computer and is similar to connecting the guest computer to a DMZ so they are outside our firewall.  Keep in mind, however, that the risk is that if the guest (or a program on their computer) performs an illegal act, the police will trace the traffic back to your company either way.