Securing Personal Data in Small Companies?

lohmann asks: "I was recently paying rent in my apartment office when I noticed several of the rental agents frantically shaking a nearby keyboard. Being a geek, I intervened... and plugged the mouse back in. A barrage of performance questions ensued, so I checked their system for any issues. The results were astounding: Windows 95, no firewall, no AV software, and no backup software on a machine containing thousands of individuals personal information (including mine). I ran some utilities and removed dozens of viruses and instances of spyware. I voiced my concerns over security issues, but was told that 'there is no budget for such things' and that 'we haven't had any trouble in the past.' Have any of you run across similar instances of small companies refusing to protect your data? What can I do to convince them to secure the network?"

What I've seen

[dtfinch]

A lot of multiuser POS/Point Of Sale systems store their data on a network file share, in dbase or some other ISAM format. And on top of that, few do any sort of encryption of customer information, like credit card numbers. The result, anyone at a computer that can access the application can steal sensitive customer information and anything else with minimal effort.