Lock down your computer security

goldkey1Something all business owners face from time to time is an employee who doesn’t work out. And every so often, one of these employees turns vindictive. As a tech consultant, I’ve heard stories that blow my mind, things I never thought someone would really do.

Possibly the worst – an ex-employee from an internet service provider wiped out all their email. When I say all their email, I mean ALL their email, including all their customers’ email! Not only did the company pay, they lost tons of business and had to work their tails off to make good with all the rest who stayed. No lawsuit makes up for that kind of damage.

While we like to think we work with good, trustworthy people, what if we don’t? Financial motivations in this economy are leading to a steep increase in employee data theft. What if one of our employees is angry and wants to get back at the boss? A dissatisfied employee can very quickly cause serious damage by deleting data files, corrupting your financial records, or downloading viruses to your network. A good security policy is a necessity.

Secure confidential data files by setting up password-protected directories. Take advantage of built-in software capabilities to designate specific users for any software with sensitive data (financials, social security numbers, credit cards, etc.), and limit access so they have just what’s needed to do their job. Change your firewall settings to limit Internet downloads. And most important – promptly remove security access for any employees who leave your company.

You’ll have to balance safety versus productivity.  Too much security can cause administrative headaches, creating employee frustration that eventually may lead you to remove important security settings. However, it’s far better to spend a little time being proactive than to find out the hard way you should have been more careful.

When good employees go bad: protective password policies

BombSomething all business owners face from time to time is an employee who doesn’t work out. And every so often, one of these employees turns vindictive. As a tech consultant, I’ve heard stories that blow my mind, things I never thought someone would really do. 

Possibly the worst – an ex-employee from an internet service provider wiped out all their email. When I say all their email, I mean ALL their email, including all their customers’ email! Not only did the company lose big in terms of recovery effort, they lost tons of business and had to work their tails off to make good with all the rest who stayed. No lawsuit makes up for that kind of damage.

In another case, a financial services company, a former employee guessed at an old server password and used a few tricks straight off Google to plant a very destructive virus bomb that took them down for over a week. Anyone care to calculate the cost of lost productivity?

Protect Yourself!

Simple precautions make all the difference in the world:

  • Keep network and server passwords in a safe place, so that only a few people have access to them
  • Change passwords regularly, across the company
  • Use passwords that are difficult to guess, with combinations of upper and lower case letters, numbers, and special characters, and a minimum length requirement of at least 6-8 characters
  • Avoid “dictionary” words in any common language as these are easy to hack with the right software tools
  • De-activate accounts or change passwords immediately after an employee leaves or is terminated, including any web-based or other remote access

While we can always hope for a graceful parting of ways, these precautions will keep you safe either way. With such high stakes, why take the risk?