中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeInformation, Computer and Network SecurityPolicies and OperationsProtecting PERSONAL INFORMATION - A Guide for Business 3. Lock it - Protect the information that you keep

Protect the information that you keep - Electronic Security

Computer security isn' t just the realm of your IT staff. Make it your business to understand the vulnerabilities of your computer system, and follow the advice of experts in the field.

General Network Security

Identify the computers or servers where sensitive personal information is stored.

  • Identify all connections to the computers where you store sensitive information. These may include the Internet, electronic cash registers, computers at your branch offices, computers used by service providers to support your network, and wireless devices like inventory scanners or cell phones.
  • Assess the vulnerability of each connection to commonly known or reasonably foreseeable attacks. Depending on your circumstances,appropriate assessments may range from having a knowledgeable employee run off-the-shelf security software to having an independent professional conduct a full-scale security audit.
  • Don't store sensitive consumer data on any computer with an Internet connection unless it' s essential for conducting your business.
  • Encrypt sensitive information that you send to third parties over public networks (like the Internet), and consider encrypting sensitive information that is stored on your computer network or on disks or portable storage devices used by your employees. Consider also encrypting email transmissions within your business if they contain personally identifying information.
  • Regularly run up-to-date anti-virus and anti-spyware programs on individual computers and on servers on your network.
  • Check expert websites (such as www.sans.org) and your software vendors' websites regularly for alerts about new vulnerabilities, and implement policies for installing vendor-approved patches to correct problems.
  • Scan computers on your network to identify and profile the operating system and open network services. If you find services that you don' t need, disable them to prevent hacks or other potential security problems.For example, if email service or an Internet connection is not necessary on a certain computer, consider closing the ports to those services on that computer to prevent unauthorized access to that machine.
  • When you receive or transmit credit card information or other sensitive financial data, use Secure Sockets Layer (SSL) or another secure connection that protects the information in transit.
  • Pay particular attention to the security of your web applications—the software used to give information to visitors to your website and to retrieve information from them. Web applications may be particularly vulnerable to a variety of hack attacks. In one variation called an "injection attack," a hacker inserts malicious commands into what looks like a legitimate request for information. Once in your system, hackers transfer sensitive information from your network to their computers. Relatively simple defenses against these attacks are available from a variety of sources.
‹ Protect the information that you keep - Physical SecurityupProtect the information that you keep - Password Management ›