Home > Blog

Tips and Insights

Over our 28 years of explaining, we've accumulated a wealth of valuable information that doesn't fit neatly under our web site tabs. This body of knowledge includes some tools we have developed, approaches that have worked well, other approaches that failed, and a large amount of miscellany that could be called "accumulated wisdom" or perhaps more accurately "battle scars"

We organized this section as topic threads that invite further insights and comments. We welcome your additions.

We also welcome questions and suggestions for new topics.

Monday, February 5, 2007
Security in an Insecure World

We're lucky here--our office windows look out onto a creek where Mallards, Canadian geese, muskrats, snapping turtles and kingfishers coexist peacefully together (except for that one incident with the turtle and the duck, but I won't go into that). We keep a set of binoculars near our desks for when we need a break from the computer screens and phones.

The pastoral landscape makes for a relaxing atmosphere, and though we share the building with other tenants, our interactions in the hallway are minimal at best. The nature of our work means we don't generate much foot traffic, so the idea of security has been limited to making sure our computer files can't be hacked, making sure we back up our hard drive, and making sure anything we need to access is safe from water or fire damage. That is, until we picked up our first aerospace defense contract. That's when we-they-turned a wary eye toward our daily routines, as well as the building itself.

With this contract came certain stipulations-ones that required us to beef up our security. Here are the provisions we have in place now-some old, some new. If you work among sectors with sensitive materials and you haven't already made these changes, you may want to consider similar actions.

  • We have systems installed that segregate and protect information, giving access to employees only on a "need-to-know" basis.

  • Separate, encrypted server hard drives are dedicated to single projects or clients.

  • The terminal password system on our workstations requires new sign-ins after 10 minutes of inactivity.

  • Our locked, tamper-proof server is enclosed with access limited to approved IT employees.

  • We handle document shredding through a Department of Defense-approved contractor.

  • Our offices and file cabinets are locked.

  • The office entrance has a lock box that requires a pass code to access, preventing casual entry.

  • Office visitors are accompanied at all times.

  • Our e-mail and FTP data exchange are encrypted.

  • We have offsite daily system backups.

Our clients are happy with the security we provide, and though the enhanced security feels a little Orwellian, the nature show outside our window helps remind us we're still part of a peaceable kingdom.

Labels: ,

posted by Renee at 3:30 PM |or send a private comment