
Meeting Stricter Security Rules

[Photo: Trey James]

The best protection for data at your firm might be a door, a lock and a process for keeping unauthorized people away from the server room. With potentially stricter requirements regarding personal data looming across the country, physical security still remains the No. 1 issue, not viruses and spyware.

"It’s so easy to walk and steal a server. You have to be more technical to break in electronically," says Trey James, CEO of Xcentric, an Alpharetta, Ga.-based company that provides outsourced technology services to CPA firms.

There are plenty of numbers to back up that statement. The Microsoft Security Survey for January through June showed that 30.5 percent of all incidents it handled involved equipment theft, by far the largest category of threats to data. Information about breaches compiled by the Open Security Foundation's DataLossDB showed similar results. The disposal, theft or loss of equipment, media and paper documents represented 43 percent of all reported incidents. By itself, theft of all types accounted for 31 percent, with stolen laptops the largest category at 19 percent of the total.

That lines up with Microsoft's conclusion that malicious incidents - hacking, malware itself and fraud - represent less than half the total of the categories that indicate negligence - lost, stolen or missing equipment; accidental disclosure; or improper disposal.

At events such as last week's user conference for tax and accounting firms held by Thomson Reuters, James has been telling attendees that physical security may require some expensive changes. He says many observers expect Massachusetts regulation 201 CMR 17.00, which went into effect in March, to become a template for other state rules governing businesses that keep personal information about customers on their computer systems and on paper.

That's where doors come in, because of the physical security requirements the regulation imposes on businesses.

The Massachusetts approach "requires the server room be locked," James notes. Since many businesses don't have server rooms, they will need them. Once there's a door to shut, businesses then often need air conditioning systems to keep the equipment cool. Firms also cannot allow non-IT personnel, for example the cleaning staff, into the server room unsupervised, he noted, and would probably need to keep a visitor log. The regulations also affect paper records, and because many firms built open file areas, "It requires a lot of the small firms to buy a door," he says.

Businesses must develop a security plan, which must be filed annually with the state of Massachusetts. They must also show that employees receive two hours of training per year. And the provisions don't just affect companies with a physical presence in Massachusetts; they affect any company that holds personal data about customers in Massachusetts.

In many ways, James says the requirements are so strict and detailed that they may be impossible to adhere to.

Bob Scott
Bob Scott has provided information to the tax and accounting community since 1991, first as technology editor of Accounting Today, and from 1997 through 2009 as editor of its sister publication, Accounting Technology. He is known throughout the industry for his depth of knowledge and for his high journalistic standards. Scott has made frequent appearances as a speaker, moderator and panelist at events serving tax and accounting professionals. He has a strong background in computer journalism as an editor with two former trade publications, Computer+Software News and MIS Week, and spent several years with weekly and daily newspapers in Morris County, New Jersey, prior to that. A graduate of Indiana University with a degree in journalism, Bob is a native of Madison, Ind