Protecting company data residing on insecure personal computers is one of the most challenging tasks facing IT security groups today. Software and firewalls, along with highly trained network administrators make the datacenter one of the safest places to keep corporate data. When that information is downloaded to a local PC or laptop and taken offsite, the potential for a security breach increases exponentially. In order to mitigate these risks without interfering in the usability of the computer, several steps can be taken to decrease the likelihood of a data loss or breach.
The first step to a secure personal computer is to increase the complexity of a user’s password. Not only should passwords be forced to contain letters and numbers, but using mixed case, symbols (#, !, $…) and disallowing repeating patterns make passwords much more difficult to crack. The passwords should be at least 8 characters long and set to expire every 30 to 45 days. In a Windows Active Directory environment, using Group Policy is an easy and effective means of providing security. Additional measures can be taken to force computers to automatically lock themselves with a screen saver after 10 minutes and should be strictly enforced without allowicng users to override these settings.
While password security can prevent the most casual hacker, securing data when a device is lost or stolen becomes more complicated. If users have mobile devices such as cell phones or iPads with access to corporate email systems, it is crucial the organization has a method to perform a “remote wipe” of such devices. For laptops, IT organizations should focus on the encrypting the entire disk in case a device is lost or stolen. Hard drive security is so critical Microsoft has incorporated BitLocker encryption technology in certain versions of Windows 7 in order to provide another layer of protection for company data.
The most advanced organizations are taking the data off of the laptop and securing it in the data center with remote access technologies. Virtual Desktop Infrastructure or VDI allows users to have access to their computers from any device without putting corporate data at risk of theft or loss. Keeping corporate data on servers with remote access capabilities offers two distinct advantages: the data is locked away in a highly secured environment and users have the ability to access work information from virtually anywhere. Many companies have taken this technology a step further and allow personnel to purchase their own computers while providing reimbursement and simple corporate guidelines on which equipment to buy. The time to deploy new desktops is reduced significantly and the potential for unauthorized access is considerably reduced.
In the end, PC security is fundamental to the enterprise. As data grows and becomes more valuable, it becomes increasingly important to mitigate the risk of theft or loss. Simple steps in changing password policies combined with sophisticated encryption and remote access technologies give IT organizations the tools they need to protect PCs just as securely as they would protect their data center. PC security should always be factored into IT projects and form the foundation of IT solutions delivery.
For further information on PC security, please contact Jonathan Giglio.
Interested in receiving more timely articles like this one with topics that are relevant to your business? Click here to sign up for our weekly newsletters.
Schneider Downs provides accounting, tax, wealth management, technology and business advisory services through innovative thought leaders who deliver the expertise to meet the individual needs of each client. Our offices are located in Pittsburgh, PA and Columbus, OH.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax-related matter.