Re: Small business IT security

[Dave Ockwell-Jenner <lists () solar-nexus com>]

The obvious answer here appears to be finding a different service 
company that doesn't have ties to the competition. If that isn't an 
option, then at least your client should consider some legal opinion on 
seeking a mutually protecting contract that outlines the risks and 
liabilities of both parties.

Secondly, I would suggest that any company intellectual property be 
protected. Perhaps company sensitive data can be stored on a central 
system that has removable media. If the system requires any service, 
pull the sensitive storage and just send the box off. Better still, why 
not have the service company provide on-site supervised support.

Really though, this is a question of risk (as are most things). What's 
your clients comfort level with having their data potentially end up 
with a competitor and/or customer? It may not even be malicious, just 
accident on the part of the service company; say transposing drives in 
two systems they are working on. If that makes your client jittery, then 
think of ways to protect sensitive material from technicians that will 
have unrestricted physical access to these systems. In many ways, this 
seems similar in some respects to protecting data on laptops in the 
event of theft. The laptop may be gone, but the data may still be protected.

Hope that helps,
Dave.

jonathan () gatewaysa com wrote:
> Hi
>
> I dont know if this is the correct place to post this. I am doing some work for a small company with around 80 pc's. They 
> dont have any inhouse IT staff and use an out side little computer dealer for all their work. These guyse look after everything 
> from the pc's to the servers to the network. They obviously have all the admin passwords etc and if somehting needs to be 
> repaired they take it to their workshop where one of the technicians will repair it. This It shop also does work for one of the 
> competitors as well as a few customers.
>
> I know all the security risks but short of hiring someone in house what else could be done to ensure they Information 
> Security.
>
> Thanks
> Jonathan
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence 
> in Information Security. Our program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting experience. 
> Using interactive e-Learning technology, you can earn this esteemed degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>   



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------