Fire proof safe

Energize · 10 Jan 2010 at 11:45

Slime101 said:
AES.....lol

Well personally I would hope a business would be using something better but in this day and age I don't take it for granted.

I'm no expert but I would bet that if you left a random looking dvd in a draw a typical burgular would not even notice it, nevermind steal it.

Slime101 · 10 Jan 2010 at 14:09

I think you'll find most businesses dont encrypt anything!

Energize · 10 Jan 2010 at 14:15

It's a worrying lack of responsibility and competence I've come to expect these days unfortunately.

Slime101 · 10 Jan 2010 at 16:47

Why, at what point is it incompetent or irresponsible?

Gonzo0 · 10 Jan 2010 at 17:04

It is is always important to keep vital data and information secure and safe, this includes encryption methods and physical security measures. You never know someone may be after your data which could be very valuable.

A little fact for you:

The secret herbs and spices that go into KFC chicken are kept in sealed vial jars which are kept in a secured safe along with the recipe. The safe is secured in KFC HQ that can only be accessed by the CEO of KFC.

This is done so rival companies cannot obtain the finger lickin' recipe that makes KFC taste so good

Energize · 10 Jan 2010 at 17:04

You said it yourself, if the database is lost or stolen your customers data will be available to god knows who, resulting in mass fraud and your company being disgraced. It is basic IT practice to encrypt all sensitive information on removeable media and there should be someone employed to oversee IT security. It's irresponsible to leave customers personal data with such little protection, do you not respect your clients?

Do people learn nothing from all the missing government pen drives? :confused:

As a business owner you should be familliar with the good practice codes laid out by the information commisoners office on data security where encryption is specifically mentioned.

http://www.ico.gov.uk/upload/docume...rity v 1.0_plain_english_website_version1.pdf

It's madness for a business owner to have a plain text customer database on a dvd in their house.

You really need to get a professional to advise you on these matters before something goes badly wrong. The data protection act requires you to have adequate security for your customers data.

Slime101 · 10 Jan 2010 at 17:35

We dont have an IT specialist and never will, we are too small.

Our database and systems were written long before people fussed about encryption as such there is no facility to do this, taking it offsite is no different to breaking into the office and accessing the systems, we comply where we are required to by the ICO however even when shredding customers details there are no rules on what level of security we are required to use, it simply has to be "adequate" which is wholly subjective.

Nothing has gone wrong in 18 years so i dont expect it to now, we bank hundreds of credit cards a day and dont have a single CVV number either.....why, because the bank doesnt require them - we have NEVER had a single card fraud through our systems!

That said policies are being reviewd with IT to bring it up to date so i shall look at how it is done and see how we can improve it and make it safer for all.

J.B · 10 Jan 2010 at 17:59

Slime101 said:
We dont have an IT specialist and never will, we are too small.

Our database and systems were written long before people fussed about encryption as such there is no facility to do this, taking it offsite is no different to breaking into the office and accessing the systems, we comply where we are required to by the ICO however even when shredding customers details there are no rules on what level of security we are required to use, it simply has to be "adequate" which is wholly subjective.

Nothing has gone wrong in 18 years so i dont expect it to now, we bank hundreds of credit cards a day and dont have a single CVV number either.....why, because the bank doesnt require them - we have NEVER had a single card fraud through our systems!

That said policies are being reviewd with IT to bring it up to date so i shall look at how it is done and see how we can improve it and make it safer for all.

I think you may need to look at bringing your company in to line with ISO27001 or something similiar.

I would expect any customer details to be encrypted at some level or if they are not, stored in a secure location. So your need for a safe isnt completly invalid.

What I would suggest which would probably be easier, is get some encryption software, encrypt your DB etc and store a copy on site and off site.

Slime101 · 10 Jan 2010 at 18:00

The DB on the server cant be encrypted - its too old!!!! The backups can, and should, this will be changed as of monday.

tntcoder · 10 Jan 2010 at 18:53

Slime101 said:
AES.....lol

Why the lolz at AES? It's very strong and a current industry standard...

Slime101 · 10 Jan 2010 at 19:08

tntcoder said:
Why the lolz at AES? It's very strong and a current industry standard...

It was at the assumption that most companies use any form of encryption!

tntcoder · 10 Jan 2010 at 19:12

Slime101 said:
It was at the assumption that most companies use any form of encryption!

Ok my bad, good point in that case

edscdk · 10 Jan 2010 at 21:55

Slime101 said:
Does anyone have any recommendations for for a fire proof safe, it doesnt need to be very big, just for keeping a handful of documents, some DVD's and other computer related backups from work

better to keep it off site?

Slime101 · 10 Jan 2010 at 21:58

The idea is to keep it offsite, the safe is for my house, one of the other directors also has a safe at his house where important documents, and backups are kept.