Wall Street Journal: Passwords 101: Protecting Your Data
The Wall Street Journal has an article about how small businesses can protect data privacy by improving their passwords. The suggestions won't surprise anyone with expertise in security or privacy, but many people still need to recognize that strong safeguards are important before their security is breached and a mess is made.
Passwords are both vital and painful for small companies. A tiny firm’s data can be just as sensitive as that of a large company – and a breach of security just as damaging – but it typically has far less computer-security expertise and money to tackle the problem. Learning how to control insider and outsider access with good password practices is critical.
Unfortunately, the basics aren’t easy. Employees should use passwords that are hard to guess, are long – at least seven characters – and that include numbers, capital letters and symbols. They ought to have a different password for each company application and for each Web site they use. And they should change these passwords at least every 90 days, if not every 60 or 30 days.
Employees’ lists of regularly changing passwords must not be recorded in documents in their computers, sent around in emails or jotted down on sticky notes and stuck onto their monitors. “Just think about how many people walk into an office” — clients, partners, cleaning people, says Jim Lippie, president of Staples Inc.’s Staples Network Services by Thrive, which provides IT-department services to small companies.
Shared passwords are also a no-no. Each employee needs to have their own, and the whole system needs to be controlled by an administrator. That way you not only cut off former employees, but control which current employees may access what types of data. [...]
If your data aren’t sensitive, it can be enough to have a competent IT person set up basic network access controls. [...]
But if you do have sensitive data and a breach could wreck your company, consider hiring experts to help you set up and maintain an appropriate security system. If you’re a retailer that stores personal information about consumers, credit-card companies may require you to meet certain security standards. Health-care and financial-services firms often face federal regulations around data security. And companies with personal data that suffer security breaches may be legally required under state law to notify affected customers.

