5. Install Theft-Recovery Systems on Laptops
We've already harped on laptop security problems, but losing a laptop doesn't mean you have to write it off forever. Check out a theft-recovery product such as Computrace LoJack for Laptops, which installs quietly on any notebook and can alert LoJack to the laptop's whereabouts when you report the computer as stolen.
Computrace partners directly with law enforcement agencies and says it recovers 60 computers each week on average, for a 75 percent recovery rate on laptops reported stolen. Paying $90 secures a laptop for three years. An extra $20 adds an optional "kill switch," which you can use to nuke all the data on the machine if you fear that it's never coming back.
6. Investigate VoIP
It may not be time to migrate the whole company to VoIP and dump the traditional analog system, but it is certainly time to begin experimenting. Start with Skype on a few machines for your most tech-savvy users, and add dedicated handsets so that they can compare the VoIP process directly with their experience on standard handsets. Check back in four months to hear their thoughts.
7. Stop Making Users Change Passwords for No Reason
Many IT departments mandate quarterly--and even monthly--password changes, yet no evidence shows that such policies improve security at all: users forced to change passwords frequently are more prone to write them down and, say, tape them to their monitors. You're better off educating users about what constitutes a strong password and enforcing rules such as restricting the inclusion of words on commonly used password lists, requiring numbers and a special character, and so on.
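As an added example (not part of the original article), here is one way to enforce the rules named in item 7 at password-set time. It shows why the word-list check has to undo character substitutions, since "P@ssw0rd2024!" satisfies the number and special-character rules on its own. The COMMON_WORDS list is a constructed sample, and MIN_LENGTH and the substitution table are assumptions.

```python
import string

# Constructed sample deny list; in practice load a full common-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "monkey"}

# Assumed substitution table: undo look-alike characters before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 10  # assumed minimum; the article does not give a number


def normalize(password):
    """Lower-case, map look-alike characters to letters, keep only letters."""
    mapped = password.lower().translate(LEET)
    return "".join(ch for ch in mapped if ch.isalpha())


def policy_violations(password, deny_words=COMMON_WORDS):
    """Return the reasons a password is rejected (empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(ch.isdigit() for ch in password):
        problems.append("no number")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special character")
    # Compare both the plain letters and the de-substituted form, so that
    # "Welcome1!" and "P@ssw0rd2024!" are both caught by the deny list.
    plain = "".join(ch for ch in password.lower() if ch.isalpha())
    folded = normalize(password)
    hits = sorted(w for w in deny_words if w in plain or w in folded)
    if hits:
        problems.append("contains common word: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["P@ssw0rd2024!", "Welcome1!", "tr4il-Mix&cedar88"]:
        print(candidate, "->", policy_violations(candidate) or "accepted")
```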
8. Get Serious About Backup
If you're still using a courier to haul a mountain of backup tapes to and from an offsite storage facility, it's time for an upgrade. For starters, hard drives are now readily available in 1TB capacities and higher, and they're far faster and more reliable than tape. Simply replacing an archaic tape setup with a revolving series of external hard drives is a no-brainer and needn't cost much at all.
Alternatively--or in addition--consider online backup services, at least for critical data that's on the small side. Numerous online, enterprise-level backup services exist. Check out Mozy Pro, for example, which can back up Exchange or SQL databases and costs just $6.95 plus 50 cents per GB per month.
9. Migrate Away From Internet Explorer
Last month's critical Internet Explorer security flaw, revealed in all versions of IE dating back to IE 5, should have been a wake-up call for anyone still using Microsoft's browser. Unfortunately, upgrading an entire office (and removing IE from those machines) takes time, so you're not out of line to be cautious in forcing users to upgrade. The good news: Unlike with most upgrades, users can easily adapt to Firefox, Opera, or Safari, so training needs will be minimal.
10. Clean Up the Mess in the Server Room
Cables sprawling everywhere (unlabeled, naturally). Dust accumulating in every crevice. Look under the pile of old CRTs, and you're likely to find a rat's nest--or worse. Most companies lock the janitorial staff out of the server room, but it's one of the places in the office that can benefit the most from old-fashioned cleanliness and organization. Take a slow day when most of the staff is out and spend a little time organizing and labeling spare parts, dusting out the servers, and otherwise tidying up. You'll be much happier once the clutter is cleared.