Tuesday, October 20, 2009

Is Your Information Secure?

By Mark Brousseau

The records management industry has entered into a new era where organizations need to place a much greater emphasis on securing their electronic information, says Steve Adams, senior records analyst for the National Archives and Records Administration. “We’ve got to change our mindset. We’ve got to become more suspicious,” Adams said during a presentation last week at the 54th annual ARMA International Conference and Expo, in Orlando’s World Center Marriott in Florida.

“The more we get into technology, the more vulnerable we have become,” Adams told attendees, adding that “Microsoft software is so vulnerable to cyber attacks that it is not even funny.”

Adams noted a Gartner study predicting that 30 percent of enterprises using wireless LANs will experience serious security exposure. Adams said over 200 known malicious software programs have been developed for this very purpose. What’s more, a survey by the Computer Security Institute found that 85 percent of computers have been damaged by cyber attacks – despite the fact that 89 percent of these computers had firewalls and 60 percent had intrusion detection. “The really frightening part is that 60 percent of these breaches were from inside the organization,” Adams said.

Sound security practices protect electronic information by preventing, detecting and responding to cyber attacks and other data breaches, Adams told the three dozen people in attendance.

Common myths are one challenge to good information security. These include the notion that:

... Anti-virus software and firewalls are 100 percent effective
... Once software is installed, you don’t have to worry about it again
... There is nothing important on your computer, so you don’t have to worry about it
... Attackers only target rich people
... When computers slow down, it means they are getting old

To help secure your electronic information, Adams provided the following strategies:

... Maintain and use anti-virus software (“But too much or the wrong kind can also cause problems,” Adams said)
... Install a firewall
... Regularly scan for spyware
... Keep your operating software up to date
... Remove unused software programs
... Follow good security practices
... Be careful what Web sites you visit
... Turn your computer off when you’re not using it
... Never leave your computer unattended at an airport or other public place

Adams said companies should also use good password protocols – requiring staff to use at least eight characters (which take longer to crack) and change their passwords often. And nobody should be exempt from the policy; Adams said senior managers are the worst offenders when it comes to password policies.

Organizations should also be mindful of thumb drives, Adams said. While they are excellent tools for transporting information, they also can get through most metal detectors undetected – providing a vehicle for crooks to get information out of your organization without anyone ever noticing, he said.

“We’ve got to have good strategies for how we protect our information,” Adams concluded.

What do you think? Post your comments below.
