Ask most blue chip company bosses about their organisation's most valuable assets and 'data' will be high on the list. Why, then, do so many firms leave their confidential information open to abuse and public scrutiny? We outline the need for password-protection of data networks.
Security is something that people take very seriously when it comes to their homes. They have locks on their doors and windows, and maybe an alarm. You have items inside your house that you consider valuable, so you deploy what you deem to be appropriate measures to protect them. The same is true of documents stored in a lockable filing cabinet in the office.

That being so, why not take the same care when it comes to the files you have stored on your computer or network in the office? If you are storing data that's either valuable or confidential, it's wise to take steps to protect that data. The more valuable that data happens to be, the stronger the measures you'll need.

Remember, too, that most of the files stored on your network – or indeed e-mails that you send – will be in the 'clear text' format. In other words, someone could read the content at the same time as the file in question is being transmitted across a network.

Thinking about the password
The first step in securing a file such as a basic Word document is to password-protect it. Which neatly brings us on to an important point – that of password selection.

Make sure that you do not use words that appear in dictionaries or real names. Always try to use a combination of at least eight letters and numbers, preferably mixed up but in a sequence you can remember. Being able to recall the password is essential, as this is where people most often make mistakes – by writing them down, leaving them on a drawer or stuck to their PC on a Post-It note.

When sending a password-protected file to someone, it's common practice to attach the file and then put the password within the same message, thus negating password-protecting the file in the first place.

One example of how to derive a good password that's easy to remember would be to start with a sentence or phrase (such as "My boyfriend stinks"). Abbreviate the word and change the capitalisation such that you end up with something like "MbfstinX". Then, replace some of the letters with numbers (eg o to 0 and i to 1). This would give you "M6f5t1nX", which is a pretty good password.

If you have difficulty in remembering such a password, then you would be better off putting a Post-It note on your screen that simply says: "James smells". This password policy shouldn't just apply to the protection of documents, but for your network log-on or any time you are asked to supply a password.

If you wish to go that bit further then a simple file encryption tool might be useful.

Beware, though – don't use the same password for everything. If you e-mail someone a file and then go to meet them, or 'phone them to give them the password, you should treat that password as if it were publicly-available – and so immediately replace it with a new one for any other files.

Bear in mind what the other person needs the files for. If it's only to view them, or cut and paste parts of them, then you could give them the 'read-only' password and not tell them the 'edit and save' password.

Don’t use the same password for everything. If you e-mail someone a file and then go to meet them, or ’phone them to give them the password, you should treat that password as if it were publicly-available – and so immediately replace it with a new one for

Combating the corrupters
If you are worried about corruption of your files, there are a few steps you can take to alleviate those concerns.

If you store files on a network, find out how regularly (if at all) your company takes a back-up of the file server. The server is probably the best place to store files if you use a desktop machine and not a laptop. You may find that there is no back-up taking place, in which case you might want to store a copy of the file on your local machine as well. Therefore, if one copy of the file is corrupted, at least the other will be alright – though always make sure you know which is the latest version of the file.

In addition, ensure that you save important files regularly when you're editing them. If your program crashes, you will not then be forced to rely on it to recover the document for you.

If you want to keep certain e-mail conversations private, then use encryption software. If your company has a policy that bans the use of such software, you could write an e-mail into a file, password-protect it and then attach it to an e-mail. In doing so, the file size of the e-mail will increase considerably. This will take some time for the recipient to download if they don't have a fixed Internet connection.

If you're sending quite a bit of information, putting it all into a zip file is a good idea (this will decrease the file size while in transit, and also allows you to add a password). Security Management Today readers will be keen to learn that they can download the WinZip application from www.winzip.com

Up-to-date anti-virus software
The modern computer network means that it's crucial for companies to use up-to-date anti-virus software. This should be installed on all computers by default. Viruses can render your computer (and the file systems you have access to on the network) completely useless. They can also send out information from your computer without you knowing.

The first rule of thumb is that, if you think you need to use any of the above suggestions, talk to the person in the office responsible for the computers or networks. Chances are they already have some information or software that may help you.

We all know that locks can be picked and windows broken. Just because you've employed encryption techniques and a good password doesn't mean that you're safe. In effect, it means that you've installed some door and window locks and a basic alarm which any potential thief will see and decide whether or not they want to go through with the effort of breaking in.

There's no such thing as something being 100% secure. It's all about risk assessment, taking adequate measures and recognising the strengths, weaknesses, advantages and disadvantages that are part-and-parcel of the solution you happen to have chosen.

Effective data and IT security cannot simply be bought as a single product or service. It's more a matter of process.