Easy ways to secure network data without letting your IT team into fooling you in more servers or certifications than you need.
1 User login passwords can be cracked and even the encryption will eventually need a password too. Most people use rather easy to crack passwords anyways.
2 you can use or even insist on the password feature within office documents , and within zip documents, and within outlook pst files.
The actual practicality is that people rarely keep track of multiple document passwords, and once a password is known /guessed , it compromises the whole system ..say for an ex employee,keyboard loggers, other ways to read data directly from the hard disk etc.
That cant happen for encryption.
So I would first implement a strong password policy , which is the first step for any company. This means using special characters, characters,numbers and automatic changing of passwords after 1 month.
3 Also laptops should have desk locks provided and compulsory before going away from the desk.
4 The next layer is encryption for data using private key/public keys and for login to the desktop/laptop .An inexpensive encryption solution is to use PGP (Pretty Good Privacy ) for encryption. You can also have open source free encryption softwares .
5 Another layer is have closed circuit cameras or motion trigger alarms in the office activated after say 6 pm or after office hours.
6 Implement multiple solutions using a test control approach on various PCs and then evaluate usage for 1 month before deciding with the big contract.
7 ISO 27001 or BS7799 and certifications help make clients comfortable, but do not enhance data security in any special way given the huge costs.
8 Have training videos for social networking used by hackers or people breaking in to system. Eg. Calling Board numbers for cell phone numbers
9 Try and eliminate as much paper as possible. Printouts, faxes etc. A compnay I know replaced all paper with blue paper just to impress clients. Same principles applied when guards were checking senior management bags. No searches etc.
This is also good for environment too (Use that for impressing clients !), and its better to buy bigger monitors or have an encrypted wireless lan than have tonnes of paper too.
All systems can and will be broken given time and resources to deviants. Using these steps reduces the ease and probability of laptop loss escalated to data loss in wrong hands.