In response to customer inquiries for suggestions on Data Security, we offer ideas regarding the following areas of concern:

  • Data Backup
  • Physical Security
  • User Access
  • AntiVirus
  • Electrical Protection
  • Major Disaster Recovery
  • Firewall
  • User Training

Data Backup
A 4-fold backup system is recommended for maximum security and most immediate resumption of operations. The redundancy provided in such a system covers most conceivable contingencies. Such a system contains the following elements:

  1. A hardware-based mirrored drive system (such as RAID-1 or RAID-5). This system provides seamless transfer of control in the event of physical drive failure, but does not protect against virus attack, data corruption, physical disaster, or theft.
  2. Automatic disk-to-disk backup of critical files or folders during the day. The data is copied to another drive on the local area network. Provides nearly immediate restoration in the event of a minor data loss.
  3. Nightly tape backup. Provides daily protection against viral attack, physical drive damage, or other data corruption. Requires human intervention to change, inspect and verify tapes.
  4. Automatic Remote backup. A highly encrypted automatic system creates backup sets protecting data, applications and the operating system, and transmits them to redundant offsite servers. Provides archival protection against corruption or viral attack; provides protection against physical disaster or theft; provides secure redundancy to multiple locations.

At a minimum, an Automatic Remote Backup will provide the most comprehensive security at the lowest cost.

Anti-Virus
Most viruses, worms, and other malicious programs are presently being spread by e-mail and through visits to infected websites. Viruses can also enter computers through infected removable media such as diskettes, and from CDs provided by careless software vendors. Each server and workstation on the network should have antivirus software that meets the following criteria:

  1. Produced by a recognized vendor providing daily automatic updates.
  2. Receives updates without the need for reboot except on rare occasions.
  3. Offers automatic email scanning.
  4. Is configurable to avoid interfering with normal application processes.
  5. Does not significantly affect system throughput.

Firewall
Protecting the entire network from attack by hackers, disgruntled employees or others is a frontline defense that must be set up and carefully monitored. The firewall may be a hardware device or a software application, and should be installed and maintained by a local IT professional. There is a wide variety of devices on the market. Some key elements:

  1. Easily configurable to permit necessary protocols and traffic, and to accommodate changes to them as needed.
  2. Provides for easy replacement and reconfiguration in case of hardware failure.
  3. A written guide to settings and operation should be readily available.

Personnel Training
Data loss is most often caused by human error: accidental deletion, invalid data entry, attempts to ‘fix’ a configuration without adequate training, etc. There are inexpensive but effective training courses in most cities. A few hours of basic instruction for each employee can greatly reduce problems in the long term. When new applications are installed, vendors should provide basic instruction for the primary operators.

Physical Security
An attempt should be made to limit physical access to file servers by locating them in a locked room. Limit access to all machines by having a password-protected screen saver wherever practical. Users should log off any machine not being used. Applications should be closed, not simply minimized, when not in use.

User Access
Each user should be assigned the level of access appropriate to his needs. The primary Administrator plus at least two other administrator level personnel should have access to the file permissions for each domain. The registry (and the System State in the case of Windows Active Directory) must be backed up regularly.

A written company policy regarding Internet Access and E-mail usage should be adopted to avoid wasted time and improper employee activities.

Electrical Protection
At a minimum, each workstation should be protected by a surge protector for all 110 volt lines and any telephone line. At a minimum, each server should be protected by a UPS with sufficient battery power to allow an orderly shutdown. If power outages are not acceptable, an auto-start electric generator can be considered.

Major Disaster Recovery
Many firms provide immediate delivery of pre-configured equipment in case of total equipment loss. Mobile recovery units are also available in case the loss extends to the primary structure. Operations requiring immediate resumption after a major disaster should carefully consider this option.

Conclusion
A semi-annual audit of each of the above areas will provide insight into any deficiencies that may develop as software, hardware and users change. Written instructions and specifications for each security aspect and each piece of hardware, and manuals for each software product, should be filed in an orderly fashion to permit immediate access when needed.

© 2005, ACES Stockade
Microsoft, MS Word, MS Excel, MS Outlook, Windows 95, 98, NT, 2000, & XP are registered trademarks of Microsoft Corporation.
