Jay Sachetti joined Jeff O’Brien, partner at Husch Blackwell and Dyanne Ross-Hanson, president of Exit Planning Strategies talked about the market for mergers and acquisitions, exit planning opportunities for companies that don’t end up for sale and how companies can maximize their eventual sale price during an early October panel at the first Upsize on Tap event at Summit Brewing Co. in St. Paul.
When the state Legislature passed a law requiring employers to provide paid leave and safe time for employees, Justin Bieganek started hearing differing details from friends, colleagues and peers.
I wondered how many of those laptops contained confidential information on health-care patients, employee retirement programs or consumer credit histories. We are becoming increasingly dependent on the data that is used to track our lives, and companies are now being scrutinized on how well they keep and protect that data.
Large businesses are spending enormous time and effort to change their information-handling policies — and they are beginning to shine their spotlights on their smaller business partners and vendors. Security has become a fixture of our business climate and for a small business with limited resources, size can be a liability in this new environment.
Businesses tend to take a reactive approach to security. Recent stories about stolen laptops containing private data such as Social Security numbers and credit card records are front-page news. Losing confidential customer information is a business continuance issue — as in, your business might not continue if it happens.
Information technology professionals are always trying to balance security needs with convenience. Unfortunately, convenience almost always wins, primarily because people just don’t like change. A company I worked for required the staff to change their passwords every two months, a sound security policy that almost started a revolt.
Many organizations have smaller — or no — IT groups and cannot afford outside security consultants. I have worked with hundreds of organizations to set up secure data-handling practices, and offer some practical tips for addressing security issues that repeatedly surface.
Every organization must understand its own security needs and threats. You can hire expert consultants to help you implement security policies, but before you do, make sure your organization assesses its specific security concerns and then allocates the necessary money to implement proactive security policies.
I’m talking about a philosophical change in the way your business prioritizes security issues because today, corporate security may equal corporate survival. Can your organization survive if intellectual property is stolen or if your confidential customer data is made public?
I bet a significant percentage of e-mail accounts can be cracked because of passwords like the user’s last name or a child’s name. According to BBC News, three-quarters of people questioned in a street survey were willing to provide their passwords in exchange for a candy bar!
Make sure your passwords are at least eight characters long and include both upper- and lower-case letters and numbers. Using a short, memorable quote is a reasonable compromise between a complex password and an easy-to-guess password.
I have devised a simple test. If you accidentally left your laptop on a busy street corner, would you be able to sleep that night? Encryption allows a good night’s rest and is incredibly easy to implement on today’s computer systems.
In most cases, it is simply a matter of enabling encryption features on your computer file system. It renders the data on the device unusable to anyone but the device’s owner. Steal my laptop? No big deal. You haven’t stolen my data.
I recently read a story about a guy whose failed computer hard drive was replaced at an electronics store in Cincinnati. Six months later someone bought his failed hard drive at a Chicago flea market and called him to report that all of his confidential information was still on the drive.
Businesses throw out or replace old computer gear all the time. Free technologies such as Eraser (www.heidi.ie/eraser/) exist that allow IT staff to securely erase data storage devices before they are released into the wild.
People take the time and effort to shred confidential documents before throwing them away. Hard drives should be no different. Simply use software programs like Eraser to scrub the hard drive data before discarding the drive.
Most forms of Internet communication are insecure. Anytime you e-mail confidential information to business partners and vendors you are exposing that data. You have about as much security as if you were strapping the data to a carrier pigeon — the communication is probably safe as long as the bird is well fed.
Skilled service providers can work with businesses to ensure that Internet communications between staff members and business partners are secure using technologies such as Virtual Private Networks (VPNs), encrypted communications between networks that are not located in the same building.
Data backup systems are not terribly exciting, but data backup is your most important defense against security issues. Many viruses and crackers seek to destroy your corporate data.
Estimate a dollar value of your corporate data. Now review how much you have spent on your backup system to protect that data. You should back up your corporate data daily and store copies of the data at an offsite location.
No matter how many security safeguards you put in place or how much you spend on technology, the weakest link in the security chain is always people. Minimizing your risk starts during the hiring process by screening job applicants to determine trustworthiness.
Establish security awareness training for your workforce. Sometimes the most ingenious security attacks do not involve technology. For example, a potential data thief posing as an employee of your Internet Service Provider may be able to coax someone on your friendly and courteous staff to share key information. The more your employees are aware of possible threats, the better prepared they are to deal with them.
The existence of your business may depend on the security safeguards you put in place. The loss of reputation may be more damaging than the loss of data to your organization.
The practical advice I have given is only a small part of your corporate defense. Take the time to review your security policies. Engage your service providers and ask tough questions. And remember to take that laptop with you when you get off the train.
