Slashdot Mirror


Securing Personal Data in Small Companies?

lohmann asks: "I was recently paying rent in my apartment office when I noticed several of the rental agents frantically shaking a nearby keyboard. Being a geek, I intervened... and plugged the mouse back in. A barrage of performance questions ensued, so I checked their system for any issues. The results were astounding: Windows 95, no firewall, no AV software, and no backup software on a machine containing thousands of individuals' personal information (including mine). I ran some utilities and removed dozens of viruses and instances of spyware. I voiced my concerns over security issues, but was told that 'there is no budget for such things' and that 'we haven't had any trouble in the past.' Have any of you run across similar instances of small companies refusing to protect your data? What can I do to convince them to secure the network?"

6 of 90 comments

  1. Backups, A/V, firewall, and spyware by darkone · · Score: 2, Informative

    For Windows boxes, there are 4 things I do/suggest to users:
    1> Backups - spend the $150 for a Maxtor OneTouch that comes with Retrospect personal. Once a week they press a button, backup done.
    2> A/V - If they don't want to spend $70 for Norton or McAfee, then for free you can try AVG ( http://www.grisoft.com/us/us_index.php )
    3> Firewall - Avoiding XP SP2's, www.zonealarm.com has a good free firewall.
    4> Spyware - AdAware does a great job detecting and removing spyware. ( www.lavasoftusa.com ) Free version requires that you run it manually once a week/month/day.

    1. Re:Backups, A/V, firewall, and spyware by binaryspiral · · Score: 2, Informative

      Spybot does not require manual operation - I have startup scripts to update itself, scan, remove, and close the app without ever showing itself to the user.

      AdAware requires commercial licenses when used on non-residential computers. Spybot does not.

      I agree AdAware is polished and more refined, but Spybot does a great job and has lots of admin-friendly programming.

  2. What I've seen by dtfinch · · Score: 3, Informative

    A lot of multiuser POS/Point Of Sale systems store their data on a network file share, in dbase or some other ISAM format. And on top of that, few do any sort of encryption of customer information, like credit card numbers. The result: anyone at a computer that can access the application can steal sensitive customer information and anything else with minimal effort.

  3. Re:I volunteered for a day at a local non-profit by quintessent · · Score: 2, Informative

    I found them on VolunteerMatch. They were asking for computer help. Turns out, all they really needed were data entry monkeys. But then they asked about doing a one time gig, so I went in for that.

  4. Re:Annual safety inspection for cars. by hab136 · · Score: 2, Informative

    Two seconds with Google would tell you that.

    I did Google it:

    1. Motorola
    2. Motorola
    3. Museum of Tolerance
    4. Larz Anderson Car Museum
    5. Motorola again
    6. Motorola yet again
    7. The Ministry of Trade for Vietnam
    8. UKMOT with no explanation from Google on what that is (and thus no reason to investigate that page)
    9. Cambodia Tourism
    10. Microarray Databases

    I finally figured out that "UKMOT" is what you're talking about, but no, it wasn't obvious, even after Googling.

    Interestingly, Google UK doesn't even return UKMOT as a result on the first page. Though if you click "Pages from the UK", you get not UKMOT, but this page

    With the amount of cross-Atlantic traffic, you could've helped us Yanks (not to mention the non-native English speakers) out with at least the full name .. which, even after reading their FAQ I still don't know what MOT stands for.

    You could've also said "annual safety inspection" in the original post instead of the UK-specific "MOT".

    You're obviously trying to express information (by posting), which I applaud; you'll reach many more minds if you make your post self-explanatory, or at least provide a link.

  5. Re:sue? by james11111 · · Score: 2, Informative

    Under the Data Protection Act (UK) all businesses storing personal data must be registered with the Data Commissioner, and take reasonable steps to make that data secure. If they don't, they are open to prosecution.