Avoiding data theft: The inside story

Does your company have an internal data security policy in place? Many businesses focus on protecting data from outsiders and external security threats while data theft from insiders is often overlooked. Computer networks provide employees with greater access to information, but also require safeguards to ensure that only authorised users can view documents and files. Here are some tips from IBM to help reduce the risk of internal data theft in your business...

 

Many companies focus their data security efforts on keeping outsiders from hacking into their networks, but a more genuine threat for many small businesses is data theft by insiders. A disgruntled employee or simply a mischievous co-worker may try to access or alter confidential information such as customer lists, trade secrets, or payroll or other financial data.

This kind of fraud can damage your business as much as any other kind of theft.

While computer networks provide your employees with greater access to information, they also require you to put in place safeguards that ensure that only those authorised to view documents and files can do so. The following steps can help reduce the risk of internal data theft, and should be part of your company's data security policy.

Create a sound password policy
Network passwords prompt users to input a confidential code each time a computer boots up and tries to connect to the network. This is the most basic form of data protection, but passwords are only effective if they cannot be cracked.

Avoid words that can easily be guessed by co-workers, such as family member names, references to hobbies and interests, and other terms that people who work with you are likely to know. Also, never write passwords down where others can find them. Ideally, passwords should combine upper and lower case letters and numbers.

Finally, make sure that users change their passwords frequently, and avoid making new passwords similar to old ones.

Limit information access
Not every file on your network needs to be accessed by every person in your company. Use your network software to create a logical hierarchy of network privileges and protect sensitive information within your company. For example, many businesses restrict access to payroll information, balance sheets and similar data to their human resources and finance departments.

Similarly, label certain commonly-accessed files (such as your customer database) as "read only" so they can't be altered or copied.

Never leave a computer unattended
Users should be encouraged to keep prying eyes at bay by never leaving a file open on their screen when they step away from their desks. In addition, users should be encouraged to log off from the network or lock their desktops (using Ctrl+Alt+Del) when they are away from their computers.

This prevents someone from using the computer and network privileges without their knowledge.

Remove old users immediately
People who leave your company should have their network privileges stopped immediately. This can keep a disgruntled employee from accessing confidential files or otherwise manipulating data.

But even an employee who leaves on good terms might try to download customer lists, product information, or other data that gives your business its competitive edge.

If users have separate remote passwords, remember to cancel those as well, to keep former employees from dialing in to your network from home to download important information.
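
One way to check that leavers' access really has been removed, shown as an added example that is not part of the original article or from IBM: a Python script that cross-checks a leavers list against exports of both network and remote-access accounts and reports any that are still enabled. The CSV layouts, column names and sample records are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data; the column names and export layout are assumptions.
LEAVERS_CSV = """employee_id,name,last_day
1001,A. Sample,2006-02-17
1002,B. Example,2006-03-31
"""
NETWORK_CSV = """employee_id,username,enabled
1001,ASample,yes
1002,bexample,yes
1003,cperson,yes
"""
REMOTE_CSV = """employee_id,username,enabled
1001,asample-dial,yes
1002,bexample-dial,no
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_lingering_accounts(leavers_csv, account_exports, today):
    """Return (system, username, employee_id, days_since_left) for every
    still-enabled account whose owner's last day is on or before `today`."""
    left = {}
    for row in _rows(leavers_csv):
        last_day = date.fromisoformat(row["last_day"])
        if last_day <= today:              # future leavers keep access for now
            left[row["employee_id"].strip()] = last_day
    findings = []
    for system, text in account_exports.items():
        for row in _rows(text):
            emp = row["employee_id"].strip()
            enabled = row["enabled"].strip().lower() in ("yes", "true", "1")
            if enabled and emp in left:
                findings.append((system, row["username"].lower(), emp,
                                 (today - left[emp]).days))
    # Longest-lingering accounts first.
    return sorted(findings, key=lambda f: -f[3])

if __name__ == "__main__":
    exports = {"network": NETWORK_CSV, "remote": REMOTE_CSV}
    for finding in find_lingering_accounts(LEAVERS_CSV, exports, date(2006, 3, 1)):
        print("%s account %s (employee %s) still enabled %d days after last day" % finding)
```

Keying on an employee identifier rather than the username is what catches the separate remote account, whose login name need not match the network one.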

March 2006
