A Look at Business Data Security Measures by Thomas Icom I've received some information from our readers regarding the data processing security guidelines set by various companies, and how they are presented to their "rank & file" (ie. non information systems department) employees. I've taken the 10 most common guidelines and presented them so as better give our readers an idea about business data security measures. These guidelines will also be useful if you run a business that makes use of computers, and are interested in how to protect your data. The nice thing about these measures is that they cost next to nothing to implement, and if conscientiously applied, will do a great deal to increase your level of data security. 1) Account information for remote systems should not resident in a PC or it's software. They should also not be written down in any documentation, or otherwise be easily accessible by unauthorized personnel. 2) Remote system passwords should be changed every 7-60 days. (Each company had a different time period specified in that range.) 3) Telephone numbers to remote systems should be supplied on a "need-to-know" basis. The numbers should not be easily accessible by unauthorized personnel. 4) Accounts belonging to transferred or terminated employees should deleted immediately. 5) Information copied from a remote system to a workstation should be assigned the same level of protection that it had on the remote system. 6) Users should logoff a remote system before leaving their terminal. 7) Computers and related material (diskettes, software, manuals, modems, et. al.) should be given the same protection as any other highly portable and valuable property. When possible, they should be secured when not in use. 8) Personal Computer users should make use of the system's keyboard lock when not in use. The key's serial number should be recorded. 9) Data on a hard disk or floppy diskettes should be backed-up, with the copies being stored in a secure, preferably remote, location. 10) Proprietary or Confidential information should be stored on floppy diskettes, rather than on a system's fixed disk.