Data breach puts VA's IT policies under a microscope

26.05.2006

In addition to adopting such restrictions, Henssler Financial has installed network filters to ensure that sensitive information isn't leaking out in e-mail messages or chat sessions and other peer-to-peer applications, O'Pry said.

The financial services firm is also using a database auditing tool from Acton, Mass.-based Lumigent Inc. to monitor database activity and alert administrators to suspicious activity such as someone trying to download unusually large amounts of data.

Locking down a network against external attacks alone does little to protect enterprise data against accidental and malicious compromises from insiders, said Lloyd Hession, chief information security officer at New York-based BT Radianz, which provides telecommunications services to the financial industry.

In environments where end users can get access to huge databases containing confidential information, there have to be many checks and balances in place, Hession said. Equally crucial is the need for security education and training, he added.

Lapses such as the one at the VA often happen because end users simply don't know how to handle sensitive information, according to Hession. "The No. 1 tool really is awareness," he said.