What is the most effective technology security measure-whether software, hardware, or policy-that your organization has implemented in the last year? We recently established a policy to have all laptops and workstations audited monthly to make sure anti-virus, spyware, backup, and firewall applications are turned on and working properly.
Like what you see? Click here to sign up for Accounting Today's daily newsletter to get the latest news and behind the scenes commentary you won't find anywhere else.
Tad W. Remington, CMA
InterDyn Remington Consulting
Implementing hard drive passwords on all our Dell laptops. At first the staff grumbled a bit, but overall it has been a success and the additional security it provides outweighs the inconvenience of yet another password.
Olsen Thielen & Co.
St. Paul, Minn.
The most useful security device we've implemented recently is called G/on. It's made by a company called Giritech and lets us give people access to just a single application or the entire network from anywhere whether they work for our company or not. The product is menu-driven and incredibly simple for the enduser. Modifications to who can access what and the addition of new applications or connections can be configured and updated within seconds. The changes are sent seamlessly to the user, not even requiring them to login to a new session. It's purely a security device that uses either Windows Terminal Services or Citrix to run non-Web-based applications remotely. If both ends of the connection have a very high bandwidth, then the applications can be run using the G/on USB key.
Business Management International
New York, N.Y.
Single Sign-on. It allows companies to streamline adding and removing users and ensures that individuals only have access to those systems they should have access to. When the user's role changes, the appropriate permissions are added or removed based on corporate policies. All enforcement occurs in a single location rather than in a number of separate systems that are rarely properly maintained.
We installed a Symantec Gateway Security device, a firewall that allows us to ensure that our endusers are not circumventing their anti-virus updates or turning it off, and then accessing the Internet. Technology has gotten pretty good-endusers have gotten better at making it useless over the years.
Bird Island, Minn.
Ultra-sensitive files and forensic evidence are kept in a locked steel cabinet to which I have the only key. My office, where all forensic/BV files are kept, is locked whenever we have people in the house who might wander in to look around. Old file storage is in our attic over the garage, which is always locked. Additionally, we have a very effective guard dog.
David E. Mensel, PC, CPA
We have a combination of policy reinforced with technology. This includes ASi Smart Solutions Conditional Field Level Security extension for Microsoft Dynamics AX, which allows companies operating in SOX (404/302) environments the ability to keep sensitive corporate information from information workers while allowing them to perform their job. It was previously thought that sensitive information couldn't reside in enterprise-wide resource planning databases as it is typically accessed by many people and the risk of having this data viewed and exported was too great.
Advanced Systems Integration
Orange County, Calif.
Within the last year, we implemented the use of Secure Portals. This provides our firm with a method to deliver/exchange sensitive documents with our clients without using unsecure email and attachments. This has proven to be very effective, convenient, and clients like it.
John G. Seale, CPA, CITP
The most effective thing was hiring a director of information security. Without a position that has the authority to create and set policy and procedure-as well as implement a continuous awareness program-no technology would be useful.