Steps To Security

Steve sommer, cio at hughes, hubbard and reed, relies on a combination of embarrassment and peer pressure to keep the lawyers at his New York City-based firm in check. "If somebody doesn’t comply and we’re working on a confidential policy, then that person can ruin the whole deal for us," he says, and nobody wants to be that person. On the technology side, however, common sense isn’t enough. Especially when users are accessing network resources remotely or dealing with sensitive material, the CIO needs to address three components of security: the hardware, its data and any network connections. Here are some tips for better security:

Cable locks that allow users to tether their machines to a desk or the furniture in a hotel room have been used for years, but some companies are taking physical security to another level. BG Group, for instance, marks all its handheld units with a chemical coding system from U.K.-based SmartWater, O’Connor says. This forensic coding fluid, when dabbed onto a device, dries to leave an ultraviolet marking akin to DNA.

Other companies are taking an approach similar to the LoJack system, in which a hidden transmitter allows police to track down a stolen automobile. Because laptop thefts had become 3Com’s largest property theft worldwide, for the past two and a half years, the Santa Clara, Calif.-based networking company has been installing tracking software on every new laptop, says Brad Minnis, manager of security operations. Absolute Software’s CompuTrace lets administrators monitor a laptop’s physical location whenever and however its user connects to the Internet. If the device is reported stolen, Absolute works with local law enforcement agencies to track down the device. Users may not even be aware of the software, which is designed to survive a reformat of the hard drive. In addition, each 3Com laptop is issued with a cable lock, and the company makes individual departments pay for replacement units. "There’s a real monetary incentive for departments to take care of their assets," Minnis says.

Keeping track of the hardware is the first priority but not the only one. Protection of the data on a hard drive starts with a BIOS password and good password habits. That’s easier said than done, of course. Everyone knows that the longer and more unique a password is, and the more often it’s changed, the more cumbersome it becomes. "It will slow users down," EDS’s Milholland says. "The more secure you get, the more there is to pay at both ends: dollars and time." Besides, anything that requires a password means more calls to the service line. Already, Milholland notes that the biggest percentage of calls to help desks involve password resets for all kinds of devices.