January 9, 2012
New Year's Resolutions — Privacy & Security
By Cynthia J. Larose

Since it's traditionally the time for new beginnings and resolutions to clear away old habits, we'd like to pass on some tips for improving privacy and security in your operations — and in your own life — in 2012.
1. Be sure to secure.
Many data breaches occur by leaving sensitive information lying around the office. Keep documents containing sensitive data and personally identifiable information locked up. A clean desk is a safe desk. Also, make this the time to secure your home network. Since many online banking and other types of activities occur across a home network, why allow drive-by hackers to compromise your information?
2. Encrypt, Encrypt, Encrypt.
When transmitting sensitive information, make sure it is encrypted and transmitted over a secure connection. This is not only a privacy and information security "best practice," it is also required by several laws and industry body regulations, including the HITECH Act (for electronic protected health information), the Massachusetts data security regulations, and the Payment Card Industry Data Security Standards (for credit card information).
3. If you don't need it, don't take it.
Data breaches often occur when a laptop or document files are stolen from an employee's home, or lost while in transit. If you don't need to work with sensitive data outside the office, don't take it with you.
4. Once you have read it, shred it.
If you no longer need files or documents containing sensitive information, destroy them using proper methods. Using a secure file deletion program or an "e-shredder" is an effective way to destroy electronic copies. Again, this isn't just "best practice" in many situations — it's the law (e.g., FTC Disposal Rule, Mass. Gen. Law 93I, HIPAA Privacy Rule).
5. Browse intelligently.
Make sure that your web browser's security and privacy settings are set to an appropriate level. When traveling, or using a personal computer, be sure to delete web or temporary file caches so your "e-footprints" don't expose any sensitive information.
6. Never engage with a spammer.
While unsolicited commercial emails ("spam") are annoying, do not e-mail or otherwise contact the spammer unless you use a valid "unsubscribe" link at the bottom of the e-mail. Replying only serves to confirm your e-mail as "live" and may actually increase the amount of spam you receive. Don't open e-mail or attachments from anyone you do not know. Remind employees of this at work to avoid your company's information being compromised by phishing scams.
7. Make your passwords complex.
The passwords you use for your e-mail, online banking, network access, or any other services that contain your private information — or the confidential information of your company/employer — should not be simple or easily guessed. The best passwords are a mix of numbers, symbols, and letters. If your company does not have a password policy, 2012 is a good time to start. And, mix up your own passwords. Using the same password across all your electronic activities is an invitation to be hacked.
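As an added example, not part of the original newsletter, the following Python script shows what a minimal written password policy of the kind described above might actually enforce: a minimum length, a mix of character classes, rejection of well-known weak passwords, rejection of repeated or sequential runs, and a check for one password reused across several accounts. The thresholds, the tiny common-password list and the sample accounts are all constructed for illustration; a real policy would check against a large breached-password corpus and would run the reuse check only over a local password-manager export.

```python
import re

# Constructed, deliberately short list of well-known weak passwords.
# A real policy would check against a large breached-password corpus instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}


def has_sequential_run(password, length=4):
    """True if `password` contains `length` characters whose code points rise
    or fall by exactly one each step, e.g. "abcd" or "4321"."""
    s = password.lower()
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password_policy(password, min_length=12):
    """Return a list of policy violations; an empty list means the password passes.
    The rules and thresholds are illustrative assumptions, not a standard."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Character-class mix: require at least three of the four classes.
    classes = {
        "lowercase": re.search(r"[a-z]", password),
        "uppercase": re.search(r"[A-Z]", password),
        "digit": re.search(r"[0-9]", password),
        "symbol": re.search(r"[^A-Za-z0-9]", password),
    }
    present = sum(1 for found in classes.values() if found)
    if present < 3:
        problems.append("needs at least three of: " + ", ".join(classes))

    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")

    # Three or more identical characters in a row ("aaa", "!!!").
    if re.search(r"(.)\1{2,}", password):
        problems.append("contains a run of three or more repeated characters")

    if has_sequential_run(password):
        problems.append("contains a sequential run of four or more characters")

    return problems


def find_reused_passwords(accounts):
    """Group account names that share the same password.

    `accounts` maps a service name to its password (e.g. loaded from a local
    password-manager export). Returns a sorted list of sorted groups that
    contain more than one service, so an empty list means no reuse."""
    by_password = {}
    for service, password in accounts.items():
        by_password.setdefault(password, []).append(service)
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)


if __name__ == "__main__":
    # Constructed sample accounts; the two reused passwords are the point.
    sample_accounts = {
        "email": "Tr0ub4dor&3-horse!",
        "bank": "Tr0ub4dor&3-horse!",
        "forum": "Unique-Pass-42!x",
        "vpn": "Abcd1234!!!!",
    }
    for service, pw in sample_accounts.items():
        verdict = check_password_policy(pw) or ["ok"]
        print(f"{service:6s}: {'; '.join(verdict)}")
    print("reused across:", find_reused_passwords(sample_accounts))
```

The reuse check is the one most people skip: a password that passes every complexity rule still fails the policy if it protects more than one account.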