Lockdown: Protect Your Business´s Most Confidential Data

Every business has secrets that it would prefer to shield from both the public and from rank-and-file employees. These private documents can include marketing strategies, production processes, product formulas, and even the home phone numbers and addresses of company officers.
每家公司都有商业机密，需要对公众和普通雇员保密。如公司市场策略、生产过程、产品配方，甚至是公司领导的家庭号码和住址。

Making sure that vital secrets stay private is a task that requires careful planning and a multipoint strategy. Here´s how to get started.
保证公司机密数据的安全是公司一项重要任务，需要仔细筹划和多方策略。下面介绍如何保护公司机密数据：

Network Security: Every business needs to have a network-security plan in place to protect files from prying eyes. In addition to the usual software and hardware safeguards, you´ll also want to protect particularly sensitive files with passwords. But since passwords can be stolen or cracked, you will want to keep really crucial information — data that probably won´t be accessed regularly anyway — on discs in at least two physically separate and secure locations.
网络安全：
公司需要一项适合的网络安全计划以保护机密文件不被人偷窥。除了采用一般的软件和硬件保护，你还想使用密码来专门保护比较敏感的文件；由于密码可能被盗或者被人破解，您希望把重要的信息保存在磁盘至少两个独立、安全的位置。实际上这些信息通常还算比较安全。

Wireless Security: An unsecured wireless network can provide a gateway into your main business network, leaving important data exposed to wardriving  spies, employee-created rouge access points and other popular snooping techniques. To lock down your wireless network, use WPA (Wi-Fi Protected Access)encryption in the form of either WPA or WPA2 technology. Additionally, tools from vendors such as AirMagnet Inc. and Aruba Networks Inc. will help you quickly pinpoint the existence of any rogue wireless devices. Steps can then be taken to either take down the access points or to secure the network against their presence.
无线安全：如果无线网络不够安全，可能会存在进入您主要公司网络的入口，这样会将公司重要数据暴露给在“驾驶攻击”（又称接入点映射）、员工创造的无赖接入点和其它嗅探技术下。为了建立牢固安全的无线网络，可以应用WPA（WPA 或WPA2）系统进行加密，也可以使用AirMagnet nc.和 Aruba Networks Inc的工具，可以帮助您快速检测到任何无线网络中存在的流氓设备。采取这样的步骤，可以记录公司周围无线网络存在的非法接入点，保证公司无线网络的安全。

File Encryption: Encrypting secret files is really a no-brainer. Encryption allows people with "need-to-know" privileges to view sensitive information with ease while effectively blocking access to unauthorized parties. Best of all, even if a disc or laptop that contains encrypted files is lost or stolen, it´s highly unlikely that anyone— except for a highly skilled and determined individual — will ever be able to crack the encryption. Leading encryption vendors and products include PGP (Pretty Good Privacy), open-source TrueCrypt, DESlock+, FileLock and T3 Basic Security.
文件加密：
加密文件很容易。加密后的文件只允许有“需要认识”特权的人轻易浏览敏感信息，同时有效阻止非法用户进入文件。即使我们存有加密文件的电脑或磁盘被盗或丢失，其他人也很难解密。目前较好的文件加密工具运营商和产品包括：PGP、代码开源工具TrueCrypt、DESlock+, FileLock 和T3 Basic Security。

Device Control: Gadgets such as portable hard drives, USB thumb drives, cell phones and media players are all capable of swiping business secrets in the blink of an eye. To thwart easy file transfers, remove or seal (with glue) open USB and FireWire ports on your office workstations.
设备控制：
人们可以利用移动硬板驱动、USB驱动、移动电话和媒体播放器等在瞬间盗取商业机密。为了阻止这种事情的发生，你可以在公司电脑卸掉或者用胶类将USB接口和FireWire端口封住。

Document Tracking: All secret documents need to be accessible only through applications that provide document tracking. This policy will create a traceable trail of exactly who looked at a particular document, at what date and time they did so, and whether they made any changes.
文件追踪：
所有机密文档只能通过具有文档追踪功能的应用软件。使用这种工具，可以准确追踪到文档处理的每个阶段：如谁在看某一特定文件，查看文档的日期和时间以及是否做修改过文档等。

Physical Security: Your company´s biggest secrets shouldn´t reside on a network server or a desktop or notebook computer. Many organizations lock their most important data inside bank vaults and approve only a handful of individuals to access the material. While an office safe or a locked room can serve the same purpose as a vault, a safe-deposit box is far less vulnerable to thieves and dishonest employees. Remember to store duplicate copies in at least two geographically separate locations, in case one site is destroyed by a natural or man-made calamity.
硬件安全：
公司最高层机密不应该储存在网络服务器、桌面或笔记本电脑上。很多公司都将公司重要数据保存在银行金库中，只允许很少的个人可以查看。公司保险箱或者上锁的房间都可以起到银行金库的作用。保险箱一般不容易被贼或者图谋不轨的雇员所盗取。要记住拷贝同样一份放在不同的地点，以防止由于自然灾害或人为事件而遭破坏。
阻止这种事情的发生，你可以在公司电脑卸掉或者用胶类将USB接口和FireWire端口封住。


Policies: Employees and business partners need to be aware of enterprise security policies and their roles in protecting information. It´s also a good idea to enforce established security guidelines with a confidentiality agreement that makes the signer legally responsible for any information that he or she willingly discloses to an unauthorized party.
A secret can be lost in the blink of an eye, but getting information back under wraps 秘密的 can take forever。
公司政策规定：
公司员工和商业合作伙伴需要了解公司安全/隐私政策和相关责任。通过双方签订保密协议来实施安全方针也是一个不错的主意，这样签署协议的人就需要依法保护某些信息的安全，保证不泄露给第三方。

一旦秘密泄露，将永远不再是秘密。