Lack of digital data protection could hurt businesses

With these great advancements come great responsibilities. Computer users, specifically business professionals, must understand the impact technology has on their lives and organizations.

Because we have the ability to customize our computers with cute desktop wallpaper and screensavers, we may have forgotten how powerful and interconnected our devices have become. Computers store our personal information as well as critical business information such as business plans, product designs, marketing strategies and financial records. Failing to understand how to protect this information from the threats of hackers, scam artists, thieves, hostile competitors and disloyal employees can have dire consequences. Learning to understand the risks and issues facing the business community is a continual process and one that is critical to keeping your interests protected and your business secure.

Real risks

Look at recent news stories and you will see risks facing computer users today.

A recent example involves a substitute teacher in Connecticut who was convicted of four counts of risk of injury to a minor, or impairing the morals of a child because she allegedly exposed her seventh grade class to pornographic images while surfing the Internet. This is a highly controversial case as there are claims that the computer was infested with spyware, viruses and adware prior to her using the computer that may have caused the pornographic web pages to appear. The computer was running Microsoft Windows 98, a notoriously insecure system, and the school had little to no protection in place.

Many are asking why the school is not being held responsible for failing to have mechanisms in place to protect the children.

It is possible this teacher’s life and career could be ruined due to a lack of detailed understanding of the classroom technology in place.

Another example involves a well-known plastic surgeon in the Kansas City area who needed to dispose of a used computer. He asked an information technology person if all the data had been removed from the computer and he was told that it had all been removed.

The doctor’s wife placed the computer by the curb for trash pickup. An enterprising man thought he could make use of the computer, so he got it and took it home. He used readily available tools and was able to recover all the data from the computer, including before and after pictures of the doctor’s patients. The man then took the computer and associated information to a local television station that immediately aired the story.

The result for the doctor was lost reputation, lost revenue and the filing of numerous lawsuits, all of which could have been avoided with a simple understanding of how to securely remove data from a hard drive.

How many other businesses or business owners have disseminated proprietary or confidential information when they have discarded or donated used computers?

Knowing how to securely remove data is a critical step for protecting information. In my white paper, “Secure File Deletion: Fact or Fiction?” I cover steps companies can take to secure data and remove data. This paper is accessible at www.sans.org/reading_room/white

papers/incident/631.php.

Before your business creates an action plan with such steps, it’s important to learn about how to secure digital information from IT professionals, legal counsel and consultants.

Rule changes

Perhaps the greatest driving force for businesses, and their legal counsel, to gain an understanding of the technologies in their organizations – and how to protect themselves – is the recent changes to the Federal Rules of Civil Procedure that took effect on Dec. 1, 2006. These changes direct the legal community to address “electronically stored information” as part of the discovery process in civil litigation. These rule changes mean lawyers must gain an understanding of technology principals and businesses and their internal IT personnel must know how to quickly and effectively produce electronic documents for litigation.

With our dependence on technology, it is no longer prudent for both individuals and businesses to rely solely on the IT professional to make decisions regarding our digital information.

We must all step up to the plate and become informed and responsible technology users.

John R. Mallery is a managing consultant and member of the forensic and dispute consulting division of BKD LLP in Springfield. He may be reached at jmallery@bkd.com.[[In-content Ad]]