Think security is hard to figure out? Not to Delia Fernandez. Just decide where to put your data, make sure that's the only place you have data, and protect that data.
"My friends tell me I'm paranoid," says Delia, owner and principal of Fernandez Financial Advisory in Los Alamitos, Calif. Her response? "Professionals get paid to use their brains, but they're not applying those brains to data security."
Just two of the five computers on Delia’s network are authorized for data: the office server, which her assistant and occasional interns use, and her laptop, where Delia keeps data she needs when visiting customers and working at home after hours.
Delia learned about data security at TRW, where she worked for 12 years before starting her business. Before that, she spent time at Ashton-Tate, developers of dBaseII, and learned the importance of backups and keeping track of data. But two recent events helped shape her data protection strategy.
First, an office break-in in which every laptop that wasn’t locked up was stolen made her realize how easily her business could be brought down. Then, a consultant showed her how little protection Windows XP passwords offer. After researching security tools, she decided only encryption would provide the protection she needed, and that WinMagic’s SecureDocs ($159 per user) encryption software showed promise.
Delia bought two SecureDocs licenses to protect the server and laptop. Financial professionals like Delia are touchier than ever about laptops since Wells Fargo lost laptops containing financial information. Moreover, California Senate Bill 1386, effective since July 1, 2003, forces financial companies to inform customers when their personal data has been lost.
Independent financial planners, such as the 11,000 members of the National Association of Personal Financial Planners Advisors (NAPFA), which recently appointed Delia to their West Region Board of Directors, rely on the trust of their clients. Revealing to those same clients they lost their financial data would effectively put a planner out of business. That's why Delia searched for encryption support for her data.
"As a licensed professional with fiduciary responsibilities, I'm supposed to do what's best for my clients. Protecting their personal data obviously fits that description," she says.
Thi Nguyen-Huu, CEO of WinMagic, says that unlike other products, WinMagic software encrypts everything on the disk and loads before the Windows Master Boot Record. It derives the encryption key from the password, and decrypts files and data on the fly. WinMagic uses 256-bit Advanced Encryption Standard encryption, the highest standard for security.
Since Delia runs WinMagic on her server, the data on her disk is safe, and the back-up files are encrypted as well. Nguyen-Huu says 75% of WinMagic sales are for laptops, 5% are for servers and the rest desktops.
Delia’s offsite back-up routine includes using an online service and carrying one of the two removable mirrored drives in the server offsite. But good security also means paying attention to details. For instance, Delia says, "We discovered our scanner software stores temporary files on the workstation, so we have to delete that temporary storage folder every night to make sure we don't leave any customer information on a non-encrypted disk.”
Delia loves the flexibility computers give her, saying: "I started my business by booting a computer in my second bedroom." But she misses the technical support she took for granted in the corporate world. "In a dream, a tech support person knocked on my door to fix a problem, and I got so excited I woke myself up," she says, laughing.
But at least now that she encrypts all her clients’ data, Delia can go back to sleep.