On Wednesday, I attended a security conference put on by 3t Systems. One of the speakers, Gabe Minton, stressed that although many companies have sound backup and disaster recovery procedures, they neglect the most basic types of security. For instance, how many times have you passed a conference room in your organization and seen a laptop sitting unattended on the conference table? Especially in financial and health care industries, stringent measures should be taken to ensure that sensitive data is safeguarded. But all companies, no matter how benign their business seems, have employee information that must be carefully protected.
Take the recent computer thefts at Stanford University, East Tennessee State University, and the University of South Carolina—stolen computers that contained personal information such as student, faculty, and staff names, home addresses, birth dates, social security numbers, and ID numbers exposed thousands of individuals to potential identity theft. And of course none of the data on the stolen systems was encrypted.
Clearly, operating in a secure environment means more than just locking down your data. Locking down your actual systems is more important than most people realize.
What kind of physical security measures does your company take? Are you doing all you can to protect not only your company’s data, but also your employees’ data?