Sunday, 10 December 2006

Securing the Network: 13

Securing The Network
A Post on Corporate Security Issues for the Non Technical

This post covers:
                Disposal and Destruction
                Employee Exit Procedures

Disposal and Destruction
It is a little known fact that even following a format, data can be recovered from your computers hard disk by a determined hacker. This makes it essential that when disposing of old computers, unless you physically destroy them, you must go to some lengths to make sure that the data that was contained on the computer cannot be recovered.

There are various methods that can be used to securely wipe the data from a hard disk. It is important that you select a method that offers the level of protection you require and then use it. Always.

Employee Exit Procedures
When an employee leaves the company, or announces their intention to leave, this should trigger a sequence of documented events that are related to the job they do or did. For example the series of steps to be taken when the IT Manager leaves are different to the series of steps to be taken when a Production Operative leaves.

This series of steps should incorporate the removal of their access card, token, key or any other device they have that can be used to gain physical access to your premises.

Their access to the computer network via remote means should also be removed and any access to confidential data prior to their departure should be logged.

Each and every employee should have an exit interview where their responsibilities to the company are discussed as are any restrictions that are placed upon them contractually.

"You're only given a little spark of madness. You mustn't lose it." - Robin Williams

No comments: