As an employer, you have personal information about your employees such as:
• Social Security Number
• Bank Account Information
• Medical Information
This information should be kept secure and restricted to only those individuals with a business reason to have access.
All computers should be password protected. Each user should sign in with a unique ID and password. Passwords should be a minimum of eight characters made up of numbers, letters and characters. Passwords should be changed on a regular basis and at least every 60 days. Laptop files containing personal client or employee information should be encrypted, and protected with passwords similar in complexity to those used to secure the computer device on which they reside. Some hard drive manufacturers now make hard drives that feature built-in encryption.
In addition to their regular user ID, Server Administrator(s) should have a separate and unique administrative ID and password for use only when performing system administration activities. System default IDs and passwords should be changed immediately. The administrative password should be longer than the regular user passwords, with a minimum of 12 digits.
COMPUTERS CONNECTED TO INTERNET
Various security practices should be used for computers connected to the Internet. These practices include firewalls, up-to-date anti-virus software, current software security patches and anti-spyware software.
Many firms have a wireless access point in their offices, either for their own use or for their clients. When installing the access point, it should be password-protected so that someone close by cannot log into the network and access the firm data. If the office already has a hard-wired network, the access point should, if possible, be outside that network so that no one can hack into the servers.
Develop policies for employees who telecommute. For example, consider whether or how employees should be allowed to keep or access client data at home. Also, require employees who use personal computers to store or access client data to use protections against viruses, spyware and other unauthorized intrusions.