Don’t let them routinely keep sensitive material on disks that will play back to savvy criminals who happen to dial in.
This especially applies to Winchesters. They’re the oxide-coated aluminum disks that remain in the machine housing them, and they stash away many times the amount of information on most plastic floppies. Now imagine the delights awaiting a thief or snoop. Via your auto-answer modem he could rifle thousands of pages of Winchestered documents. Such electronic robberies needn’t happen, but until businesses get burned this way, they will. So if you’re sharing an electronic spreadsheet or mailing list with your branch office, do so if possible at a prearranged time during business hours when you know who’s calling. Tell your people to do the same.
You’ll also need a privacy policy—internal and external. Do you, for instance, want salary information on a Winchester disk that any of your company’s computer-users could read? And how about employees’ health records? Good data security should protect your people as well as your company. So limit your computerized records to the essential and tell your executives not to use their home computers to bypass privacy laws.
Worry, too, about an external-privacy policy. Are you respecting the rights of your customers, including those, who, by computer, may be transmitting to your company their electronic jewels?
It isn’t just decency you want; it’s also good protection against suits, whether from people or client companies.
Here again, set a firm policy against your people misusing their personal micros. Alan F. Westin, a Columbia University professor of public law and government, correctly warned in Popular Computing, “A financial officer of a bank might store information about the life-style, habits, sexual preferences and other personal behavior of large individual borrowers or key corporate executives.” The banker might do this behind customers’ backs to help decide who was “stable” enough for loans.
You’ll also need a policy covering employees who use your computers for, say, maintaining their church’s bingo books. Why not let them? It isn’t the worst public relations. Some companies even allow their employees to play games after hours, tapping into company systems from home, and you, too, might experiment with this, provided it won’t add to your data-security problems. Better a fringe benefit than a crime.
On the other hand, you’ve got to draw the line somewhere. Can you estimate how much this extracurricular use of your machines costs in wear and tear—in, eventually, replacement costs? Feel your employees out on this one if you’re running a small business or hold sway over a large one. Would they rather enjoy computer privileges or better health insurance? You might offer cafeteria-style fringe benefits, with computer use as one of the options. Employees not selecting this choice might have to agree to it, anyway, if you discovered them using a company computer for personal purposes. This problem, of course, may lessen as the prices of small computers plummet and their capabilities grow.
Whatever the form of potential crime—theft or otherwise—keep remembering one of the basics of data security: It should cost neither more money nor morale than justified.