Get Serious About Data Security
A friend of mine recently asked for help with a problem. Like many dive store owners, he keeps a personal computer in his classroom so that instructors can use it to run the Power Point presentations that seem to be an integral part of so many classes these days. The problem was that someone — probably not an employee — had gotten into the computer and fooled around.
The interloper hadn’t done anything malicious (although it certainly would have been easy enough for him to do so). All that had happened was that this person accidentally duplicated the entire contents of the computer’s hard drive (thus cutting its available hard disk space in half), and could not successfully delete the duplicate files. After an hour on the phone with Tech Support, my friend was not able to delete them either. (Of course, what Tech Support failed to mention is that there is a two-key combination that solved the problem in roughly one fourth of a second.)
Fortunately, the particular incident resulted in nothing more than a lot of frustration and the loss of an hour and a half of valuable time. It could have been a lot worse. Consider some of the following possibilities:
- A disgruntled employee decides to go to work for a competing dive store. Before he leaves, however, he decides to give his new employer a present: Your entire customer database, which he easily e-mails from the point-of-sale computer right at your front counter.
- While cruising an adult-oriented website from your office computer, one of your salespeople unknowingly downloads a particularly pernicious piece of spyware. Suddenly your entire computer slows down. You can’t surf the Internet any more without dealing with a million new pop-up ads — many of them offering to eradicate (for a fee) the very spyware that is causing them to appear. And, despite numerous efforts to restore your default home page, Internet Explorer keeps opening to RussianBabesInBondage.com (a quality website, based in Minsk, whose proprietors are now able to read the contents of your hard drive at will).
- One of your instructors, an avid tech diver, loves to post to various technical diving mailing lists. Unfortunately, he does so from one of your computers, using the e-mail address In_Stroke_Ter@YourDiveStore.com. And, being the easily-excitable fellow he is, he can’t resist responding to every perceived taunt and insult he sees. Now, as a consequence, your store’s name is appearing on websites and bulletin boards throughout the diving community, where it is characterized as being “nothing but a den for farm-animal-stupid, hose-stuffing, butt-mounting, helmet-headed, deep-air-breathing strokes.” (Like you really need this kind of publicity…)
- You open the store one day, only to be greeted by the smiling face of the friendly local process server. Guess what? You’re being sued. It seems one of your past employees is continuing to use his store e-mail account to cyber-stalk a 14-year-old student. The student’s parents are not amused. Neither is their lawyer.
Scary stuff, huh? Well, the bad news is, just as you can’t stop every determined shoplifter, you can’t make yourself invulnerable to the dangers outlined here. The good news is, just as vigilance can help reduce the risk of shoplifting, controlling who has access to your store’s computers — and what they feel comfortable doing with those computers — can prevent most of the situations just described.
The link below will download a Microsoft Word document. The document contains a generic Dive Store Computer Policy. It spells out:
- Who owns your store’s computers and the data these computers contain.
- What employees may and may not do with those computers.
- The responsibilities employees have in protecting you from the consequences of improper computer use.
The document is easily modified to meet your store’s individual needs. It is designed to be signed by employees, so that it constitutes a written agreement between them and you.
Nothing can make you bulletproof, Tools like this, however, can help.
::: TOP ::: SUBSCRIBE ::: CONTACT US ::: ABOUT US :::