Measures to Protect Confidential Data of an Organization

In today’s world it is important for any organization to have business continuity and any loss in data for the company can cost a lost form losing customers to having to fight lawsuits and pay huge fines. All these have to addressed and eliminated. Confidential data is an important part of company’s resources and anyone gaining access to these data can impact the business in a huge way.

To protect the physical assets in an organization security measures have to be taken:

1. Deb mentioned that one should lock the server room. Strong locks should be secured on the server room doors. Strong policies have to be laid down that the server room be locked when it is not being used and logs should be maintained as to who is entering and leaving the room and who has the key or code to enter the room. Server room is the main center of the network and any unauthorized access to the servers can cause a huge damage to the company.
2. Surveillance needs to be setup. Even after the door has been locked anyone can gain authorized access to the room. The log book should be one way to monitor and another way is have smart access such as biometric scanning or token system to restrict the access to only authorized users. A CCTV could be setup in a location where people cannot see to record the people coming in and going out. Alarms can be enabled to monitor and send notifications in case of any intruder access.
3. High valuable assets should be secured in a room which should be locked. Assets such as laptop could also pose threat to the company where a hacker who gains access to the laptop can hack the data that is going through a network. All these devices should be put in a secured or locked room.
4. Rack mount servers can be setup. These rack mount servers need very little space in the company and they can be secured easily. The rack servers can be put in some closed locked racks and then secured to the floor which will be hard to move.
5. Workstations should also be secured. All the laptops needs to be locked to the workstation when away. Any computers that are not being used should be taken away and secured. Passwords have to be setup to restrict unauthorized access.
6. As stated by Deb, Portable devices have to protect. All the portable devices such as laptop, mobiles, and pagers can be stolen easily and can gain access to the organization data. They should always be with the owner and passwords have to be setup. All the hard disks have to be secured. For added protection the data on the hard drives should be encrypted and biometrics readers can be setup to protect access to such devices.
7. Data has to be backed up. This is an important task in the recovery stage if any incident occurs. When this data is backed up one should keep in mind that this data or device can be stolen too. It is good to have this data backed up in the server room or closer to server room and install locks to the shelves where data backup is stored. Usually backups can be kept offsite to prevent data loss during an incident.
8. Most of the companies provide laptops to the employees that do not have a cd drive or floppy drives. This will prevent employees from copying company information into any removable media.
9. Printers should be protected. Printers are one important physical asset that needs to be secured. The printers have lot of confidential data stored in the memory board. Anyone who gains access to the printer resource will also gain access to this confidential data. All the confidential documents have to shred on a regular basis to prevent dumpster diver from stealing important information.