CSO Online’s Michael Overly has a good article about businesses trusting their sensitive information to consultants, and what best practices to follow. The first guideline: do not let your consultant store any of the information on a laptop.

There are practical considerations that make it difficult to ban the use of laptops in all situations. Consultants may need to move from site to site easily, with constant access to the data. One solution is to provide laptops to the consultant yourself - that way you can be satisfied with the security systems in place. When that is cost prohibitive, here are some suggestions offered for a laptop security policy to enforce with contractors:

  • WiFi access should be limited to approved secured means, and used only when necessary
  • Hard disk must be encrypted
  • All ports on laptops to be disabled
  • Strong authentication required (e.g. biometric)
  • Security software installed and kept up-to-date
  • Secure and irreversible erasure of data to be enforced at end of data-use period
  • Tracking software with remote data delete should be used (like Absolute Software’s Computrace products)
  • Breach notification protocols should be in place in the event that the laptop goes missing

You can read more suggestions here.

Tags: , , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati