Lockdown: Protect Your Business's Most Confidential Data

Every business has secrets that it would prefer to shield from both the public and from rank-and-file employees. These private documents can include marketing strategies, production processes, product formulas, and even the home phone numbers and addresses of company officers.

Making sure that vital secrets stay private is a task that requires careful planning and a multipoint strategy. Here's how to get started.

Network Security: Every business needs to have a network-security plan in place to protect files from prying eyes. In addition to the usual software and hardware safeguards, you'll also want to protect particularly sensitive files with passwords . But since passwords can be stolen or cracked, you will want to keep really crucial information — data that probably won't be accessed regularly anyway — on discs in at least two physically separate and secure locations.

Wireless Security: An unsecured wireless network can provide a gateway into your main business network, leaving important data exposed to wardriving spies, employee-created rouge access points and other popular snooping techniques. To lock down your wireless network, use WPA (Wi-Fi Protected Access) encryption in the form of either WPA or WPA2 technology. Additionally, tools from vendors such as AirMagnet Inc . and Aruba Networks Inc . will help you quickly pinpoint the existence of any rogue wireless devices. Steps can then be taken to either take down the access points or to secure the network against their presence.

File Encryption: Encrypting secret files is really a no-brainer. Encryption allows people with "need-to-know" privileges to view sensitive information with ease while effectively blocking access to unauthorized parties. Best of all, even if a disc or laptop that contains encrypted files is lost or stolen, it's highly unlikely that anyone— except for a highly skilled and determined individual — will ever be able to crack the encryption. Leading encryption vendors and products include PGP (Pretty Good Privacy), open-source TrueCrypt , DESlock+ , FileLock and T3 Basic Security .

Device Control: Gadgets such as portable hard drives, USB thumb drives , cell phones and media players are all capable of swiping business secrets in the blink of an eye. To thwart easy file transfers, remove or seal (with glue) open USB and FireWire ports on your office workstations.

Document Tracking: All secret documents need to be accessible only through applications that provide document tracking. This policy will create a traceable trail of exactly who looked at a particular document, at what date and time they did so, and whether they made any changes.

Physical Security: Your company's biggest secrets shouldn't reside on a network server or a desktop or notebook computer. Many organizations lock their most important data inside bank vaults and approve only a handful of individuals to access the material. While an office safe or a locked room can serve the same purpose as a vault, a safe-deposit box is far less vulnerable to thieves and dishonest employees. Remember to store duplicate copies in at least two geographically separate locations, in case one site is destroyed by a natural or man-made calamity.

Policies: Employees and business partners need to be aware of enterprise security policies and their roles in protecting information. It's also a good idea to enforce established security guidelines with a confidentiality agreement that makes the signer legally responsible for any information that he or she willingly discloses to an unauthorized party.

A secret can be lost in the blink of an eye, but getting information back under wraps can take forever.