Effective-and cost-efficient-tools to help
your computer system keep its secrets.

    With increased use of the Internet and computers to store information, concerns over security of private client information have prompted many firms to seek security solutions beyond the standard firewall-type system. That does not mean abandoning firewalls. However, it could mean adding some additional security features to your computer and/or server. But, what combination of steps is most efficient for your practice?
    If you are one of the many firms using paperless office solutions, you may already be aware of one relatively simple step that can be taken. Any PDF file can be protected in one of two ways, depending on which PDF document software you use. Adobe's newest version of Acrobat Professional, version 7.0, has the ability to protect PDF documents. According to its Web site, Acrobat contains the following security features:
    Apply advanced document control and security.
    Protect sensitive and confidential documents.
    Add access control to protect documents inside and outside the firewall, online and offline.
    Use password protection.
    Restrict access to documents using 128-bit encryption.
    Control permissions.
    Set document permissions and restrictions on whether Adobe PDF documents can be printed, copied or changed.
    Sign documents digitally.
    Sign electronic documents using digital signatures.
    The cost is approximately $449 retail for the professional version or $159 if you are upgrading from a previous version. Adobe offers a standard version of Acrobat, which does not contain the advanced editing, control and design functions of the professional version, for $299 (full version) or $99 (upgrade).
    Of course, not all client data may be stored as PDF files. Microsoft Office, for example, also has some security features that apply to all of its Office Suite of programs, such as password-protected documents (files) and digital signature verification on macros, etc. But this still does not cover all the areas of privacy concern for most advisors. What about database security, for instance, and e-mail storage? There are also concerns about wireless networking in the office, and the use of portable storage media such as external hard drives that may be used to comply with Sarbanes-Oxley requirements by backing up server or other onsite data storage. Then there are laptops and all the security concerns surrounding their use.
    Recently, this author received a letter from his financial planning company announcing that a laptop containing private client financial information had been stolen from one of its offices. The letter went on to say that, although the theft was disturbing, they were confident that no personally identifiable information was taken. One hopes that this is the case. However, this and other similar instances serve to illustrate the worries associated with the use of today's computer equipment and peripherals.
    If you use external hard drives for backing up server or other onsite data storage, newer models are available with built-in security features.
    Many external drive manufacturers bundle backup software with their products that may be able to perform automated backups (unattended) and/or encrypted backups. Some newer products, such as the Tritton 160GB Simple Network Attached Storage (NAS), offer features designed to complement an office network while still being able to utilize offsite or removable storage solutions.
    The Tritton Simple NAS (www.trittontechnologies.com) is a cost-effective, network-attached storage solution designed for the small office user. Connect the Simple NAS directly into your network through the CAT5 port located on the back of the unit. You can share your data with everyone on the network simultaneously whether you are reading or writing data. It can be used as an FTP server, media storage server and to backup critical data. The included backup software allows for scheduling unattended backup tasks, self-executable backups, encrypted backups, compressed file backups and more. Setup is simple and takes only a few minutes to be up and running. Administering the Simple NAS is done through a Web-based interface, by logging onto the unit via your Web browser. Tritton also offers portable backup drives and wireless backups.
    For those who already own an older external hard drive without built-in security features, Beyond Micro (www.beyondmicro.com) offers a unique 3.5-inch HDD Enclosure designed to fit most existing external hard drives.
    Beyond Micro's BME3.5 external enclosure (made from a tough grade of aluminum) offers an innovative secure storage solution: It provides two secure keys for user authentication and access control. As a result, your data is safe from unauthorized use, even if it is misplaced or stolen. And the Beyond Micro 3.5 offers automatic bit-by-bit encryption for the entire hard drive, including the boot sector. It is powered by a NIST- and CSE-certified DES 40-bit encryption engine. The cost is approximately $135.
    For those of us who are concerned about laptops, a new product from Winmagic (www.winmagic.com) may just fit the bill. MySecureDoc Personal Edition is a data encryption program designed for laptops and desktops. MySecureDoc secures residual data, temporary files, paging files and hidden partitions left unprotected by other encryption methods, according to its press information. It is designed to encrypt every byte of data on a laptop (or desktop) machine. It uses a 256-bit encryption algorithm to protect data behind the scenes in real time without user intervention. One potential drawback appears to be a performance hit on your machine during the encrypting process. Company literature suggests that this is minimal, though. In personal tests conducted by this author, no noticeable system slowdown was detected. And, at a suggested retail price of $29.95, this is a cost-effective and efficient security solution. Winmagic also offers a personal edition-plus that extends security to portable media such as external hard drives, USB memory sticks and Secure Digital cards.   
    If you use a wireless network in your office, you may wish to check to see if the encryption standard being used by the wireless network is WEP or WPA. WEP (Wired Equivalent Privacy) is an older standard that has been replaced by WPA and WPA2 (WiFi Protected Access). It was created in response to several serious weaknesses researchers had found in WEP. So, if your wireless router is only capable of using WEP encryption security, you may wish to upgrade to a newer model capable of handling the WPA standard. Among the many providers that offer wireless access point (router) products, you may wish to take a look at Netgear (www.netgear.com). Netgear's ProSafe 802.11g Wireless Access Point (model WG302) uses the new WPA security. Linksys (www.linksys.com) offers several wireless-G broadband routers that also incorporate WPA security. These devices are generally under $100 and offer potentially twice the speed of the older 802.11b standard (up to108mbps). Most 802.11G routers are downward compatible with older 802.11b devices. So, if your laptop or other device is one of those, it may still be able to be used with the newer router devices.
    If your goal is to increase the security of your electronically stored data, then the choices listed above may just provide you with effective and efficient security solutions.

David Lawrence is a practice efficiency consultant and is president of David Lawrence and Associates, a practice consulting firm in Lutz, Fla. (www.efficientpractice.com) David Lawrence and Associates is an approved sponsor of CFP Board of Standards continuing education credits and offers CE programs on a variety of topics, including the financial planning process.