Publication Date: 2008-04-21
A recent event in Vancouver made me think that even smart people aren't thinking about security. A local accountant dumped un-shredded personal information into the bin out back of a building and the local bin divers found the files. Someone told CTV news and the story broke. The reporter had fun dropping by people's houses to show them their tax return files.
According to the news, the accountant claimed he did not own a shredder. I find this hard to believe. It's like a doctor not owning a stethoscope.
Regardless, here are 10 key things to do to protect you and your clients.
- Buy a shredder; shred things: anything that has personal data, account numbers, social insurance numbers. If in doubt, go wild; shred it anyway. Make sure to put the "shreddings" out for recycling.
- Email is an insecure way to send information. Assume that anything you send by email can be read by people with technical skill who are nosy. This means that you cannot send account numbers (particularly credit cards) via email.
- Speaking of credit cards, there's this special number on your card that some web sites ask for when you buy something. Don't ever use it except on secure online purchase sites. In the hands of a thief, that number will let them buy anything with your credit card.
- While in the vein of online web sites, when you buy something or type in personal information, you must double check that it's secure. To do this, the address of the website must start with https://. The little s there tells you it's secure. Also, there is a lock symbol on your browser at the bottom right. Make sure it's there.
- If you ever get an email that asks you to send account information or other personal data, don't. That kind of information should only go through a web page that you have verified is secure.
- When using your debit card in stores, be sure to protect your PIN from prying eyes. Typically all you need to do is look over your shoulder and scowl to make sure people aren't looking too closely. If you business generates credit card receipts, the merchant copy has the full card number. Lock these up!
- At least skim-read your bank statements and credit card statements to see if anything sticks out as unusual. Ideally you should cross reference your receipts to the statement and make sure everything is there that should be there. If there's odd activity the sooner you report it, the better off you are.
- Laptop computers are very convenient, but are easy to lose or have stolen. To protect the data, you should have a sign-in password.
- Passwords are one of life's contradictions. They should be tough to crack but easy enough for you to remember. In corporate life, I have on more than one occasion set up a clever password and forgot it, prompting a call to the help desk. If you use something you can remember, say a birth date, put a . or ! in it and add something silly, like 'karp'. That way you can have 12!112001Karp and you have a password that's hard to guess.
- Back up vital information on all your computers. It's as easy as sticking in a USB key hard drive and copying and pasting. For bigger data requirements, you can buy external hard drives and copy you machine's key folders of data quite easily.
With these ten steps you can keep yourself and your clients out of the category of "easy targets."
Robert Ford is a business owner and IT consultant based in Vancouver. He always remembers what his father told him: "Just because you are paranoid doesn't mean that someone isn't chasing you."
His company owns and operates an Ontario Accommodations site and other Canadian Travel sites. Robert@quokkasystems.com