In addition, the Fairfax, Va.-based real estate company has historically had "no policies on how this data is given to [employees] and what they do with it once they are given it," he added.

At the meeting, Raichura and his fellow executives decided to hire a corporate chief security officer, assess the security of each internally developed and packaged application at the company, and create a set of corporate security standards during this year and into 2007, Raichura said.

Six weeks ago, Long & Foster began implementing a system to warn users about downloading salary and financial-incentive information to spreadsheets on desktops and laptops, he added. The new system issues a pop-up warning to users each time they attempt to download sensitive data into an unsecured spreadsheet on desktop and laptop systems, Raichura said.

He acknowledged that the new policy does not prevent any of the company's 2,500 employees from inputting data from paper-based BI reports into an Excel spreadsheet.

"We are just beginning to bring control over [data from printed reports]," he said. "That is the one area I know we need to be very good at."