Jnolte,
I admire your attention to security. (Did you really pay $8,000 for a private company to look at your security?). But, I am fine with my security. Sure RWW with SBS is about as secure as it gets, but I am not going to encrypt my hard drives, nor worry about RDP, which is very secure. I always compare to paper. So, for years we were violating HIPAA, because we didn't have all of our charts locked up in vaults with only one combination? Were we supposed to somehow encode the data? Yes WAP should be used over WEP.
But, as I generally say about security, at some point you have to do just do the best you can. If someone hacks into my data, well then they just hack into my data. My cleaning lady could steal my server. And, I am sure someone could unencrypt it. We can't be doctors and full time IT people as well.
As a very good IT person from Cisco once told me, "Are their people out there that can hack into your system? Definitely. Hundreds. But, are their people out there that want to hack into your system? Doubtful."
