Computer Security: A Moving Target

Volume 2, Number 3, Spring 2001

Charles loved computers. Although he was employed in a small private agency, Charles, and his supervisees had one of the best computer systems in town. Electronic media made main-taining client records, processing bills and coordinating outreach activities so easy. Yet, when Charles’ laptop was stolen from his office, he was panic-stricken. Charles’ laptop contained some confidential client information. Someone, intentionally or not, might access some highly- sensitive files.

Computers truly are a double-edged sword. They are invaluable tools in operating an office. Information becomes more accessible, easier to manipulate, and more compact. At the same time computerized information is highly portable and more fragile than paper records.

Security has to be a key consideration with any computer system. Client records have to be protected against unauthorized use. Computer screens should be placed so that they cannot inadvertently be read by clients. Passwords should be used when accessing programs and computers should be locked when their users are leaving them unattended. It is imperative that all confidential material be protected by a minimum of a password system. As technology evolves, improve and upgrade your computer security measures on an ongoing basis.

If your computer system can be accessed externally, then purchase security software that impedes hacking. A truly determined hacker can crack most systems, but often hacking is opportunistic and the hacker will move on when encountering security software.

Computers, particularly laptops, are susceptible to theft. Laptops should not be left unattended in office areas and should be kept in a locked cabinet or desk drawer for storage. If laptops are being used outside the office, carefully consider the data that may be on the laptop’s hard drive. Confidential files should be on separate disks or CDs and not transported in the laptop’s carrying case. Or consider encryption software that will scramble the contents of the files if the user does not have the correct code.

Often, lost files are a result of more mundane causes. The computer crashes and the data has not been backed up. Almost every computer user has encountered this situation on some scale. Backups should be scheduled and performed regularly. Tape drives, external hard drives and CD writers are readily available to make backing up fast and simple. Do not store your records exclusively on the hard drive, and anticipate that even software applications become obsolete, and that one may have to read and retrieve records years later.

Computer viruses are another problem. It seems that barely a week passes without some new virus alert appearing. Anti-virus software adds a layer of protection, but needs to be constantly updated.

Some other points about computer security to consider are:

  1. Have procedures in place for computer security and follow them religiously. Be sure that everyone in the office, including temporary staff, is aware of these procedures.
  2. Whenever a piece of computer equipment or a computer file containing confidential information has been lost or stolen, report it to authority in your organization and to the police. It is important to show that you took reasonable and timely steps.
  3. Consider the necessity of informing a client if his records were lost or stolen. Lost computer records can be extremely damaging to an individual.

Margaret A. Bogie, MHSA, Insurance Consultant, is a contributing writer and Mirean Coleman, LICSW, Senior Staff Associate at NASW, is a contributing editor to this series for the NASW Insurance Trust. The names and case examples used in Practice Pointers articles are completely fictitious, and any resemblance to persons living or dead is purely coincidental. Questions can be fielded to NASW via blawrence@naswasi.org.