• PC World
• »Phones
• »Smart Phones

Rules of Thumb to Strengthen Security for Your Firm's Data

Clever hackers may get all the attention, but the most serious security threat at most enterprises is plain old password theft: Somebody gets hold of a valid user name and password, plus the right URL or dial-up number, and uses them to plunder your sensitive data. Or somebody steals a corporate notebook and, armed with the password, simply copies your secrets off the hard drive.

Increasingly, companies are turning to biometrics--technology that allows identification through fingerprint reading, face recognition, voice authentication, and so forth--to guard against such theft. Judging by the flurry of new devices that have appeared, you might think biometrics provides a foolproof defense. Many laptops now come with optional fingerprint readers (see Top of the News for a review of the latest Compaq and Acer models with this capability). And IBM recently bundled Visionics face-recognition software with its UltraPort video camera, an option for the company's A, T, and X series ThinkPads. Mindful of products such as these, International Data Corporation expects annual sales of biometric devices to jump from $300 million this year to $1.8 billion by 2004.

Even if that forecast proves optimistic in the face of today's slowing economy, it's clear that biometrics is on the rise. But that does not mean that biometric devices will solve your security woes, experts warn, and your company should proceed cautiously if it plans to buy. Here are some pointers from consultants, manufacturers, and users to keep in mind:

Choose a mature technology. Currently, that probably means fingerprint readers, because some of the other technologies are less user-friendly or require considerable hardware, says Charles Kolodgy, research manager for IDC. For traveling execs, devices like laptop fingerprint scanners may do the trick. For those in the office, the solution may be fingerprint-protected hard drives from a manufacturer such as Loqware, or the new ID Mouse from Siemens, which has a fingerprint scanner built into its shell. Keep in mind, though, that as many as 3 to 4 percent of people have fingerprints that may be unreadable by the current generation of devices.

Don't kiss passwords good-bye. Every time a biometric device reads your fingerprint, face, signature, or voice, the data it produces is slightly different. If the recognition software can't account for that fluctuation, you'll never get past the gate--which is why you need to tweak the sensitivity until the system recognizes the right person even on bad days while keeping the wrong people out. Given today's technology, that involves striking a delicate and imperfect balance. So think of biometrics as an added layer of security to be combined with standard passwords for especially sensitive data. That way, even if someone manages to steal your password, the thief will still need your fingerprint or face to get in.

Make sure that your system includes an old-fashioned manual override. Any data-protection scheme carries with it the risk of a malfunction that keeps out people who should get in. So you need a backup plan you can resort to if the fingerprint reader refuses to recognize you, or if the executive with sole biometric-protected access gets hit by a bus (or--perhaps more realistically--quits and resurfaces at the competition). The simplest safeguard is to make sure that every biometric-equipped device is accessible by at least two employees. But some experts advise that you implement another, ultrasecret password layer that circumvents biometric security altogether--just in case.