Beyond the Numbers, Volume 1 Issue 2


In this issue:

Protecting your staffing company from identity theft, choosing the appropriate encrypting software and best practices for creating passwords.

 

 

Identity Theft: How Vulnerable Is Your Staffing Company?

 
We’ve all seen the news stories—a laptop containing personal information for thousands of people was stolen, putting those people at risk for fraud or identity theft. Or maybe you know someone whose information was compromised and heard first-hand accounts of the frustration, time and money spent trying to recover.
 
In 2007, the total individual losses from fraud in the U.S.—including identity theft—totaled $49.3 billion. The cost is not only in dollars; it leaves victims feeling frustrated, angry, and helpless.
 
As members of the staffing industry, we all handle people’s confidential information including social security numbers, bank account and routing numbers, addresses and phone numbers day in and day out. What we see as standard report information, others may view as an opportunity to commit identity theft.
 
Are you doing everything you can to safeguard sensitive information? When you minimize the risk of theft, you also lessen your liability. From computers and emails to reports and trash, it’s important to be aware of how confidential information is treated. Following are some tips to help keep our staffing company secure.
 

Encryption

Encryption is a process that transforms information using an algorithm to make it indecipherable to anyone except the people who have the password to make the encrypted information readable again.
 
Encryption software products vary both in cost and complexity (see “Choosing Encryption Software”). It’s important to choose an option that best fits your needs in terms of local computer drives (the c-drive), your network drive, and email.
 

C-Drive

 
The hard drives on your office computers can be a major source of sensitive information. When you encrypt this drive, it requires you to enter a password or pass phrase to access your system. In the event a computer is stolen, it also prevents unauthorized users from gaining access. Check your settings to ensure that if you step away from your desk for an extended time your computer will “sleep” and require a password to be used again.
 

Network Drive

 
It’s important to ensure that this common resource is password protected as well and accessed only by authorized users. Also pay close attention to where the servers are stored. Make sure the location is secure and accessible only by necessary personnel.
 

Email

 
It’s not necessary to encrypt all email messages—only those that contain sensitive information. Tricom encourages encryption of confidential email messages to our clients. We’re constantly working with clients to encrypt sensitive information sent and received via email.
 

Reporting  

It can be easy to forget that reports used every day in the course of business contain information others could unlawfully obtain and abuse. Be cautious of how these reports are handled, especially when in hard copy. Leaving a report on a desk, in an in-basket, in an unlocked file cabinet or on a fax or copy machine is unnecessary exposure and liability.
 
To make reports less vulnerable, suppress or remove any unnecessary sensitive information, including social security numbers and ACH information such as account and bank routing numbers.
 
Tricom suppresses these numbers from checks and reports (unless they’re needed for the report) and shows only the last four or five digits to protect our clients and their employees or customers. We also recommend not using social security numbers as an employee ID number. The fewer places this number appears, the lower the risk of unauthorized use.
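As an added illustration of the suppression described above (not Tricom's own code), the following Python sketch masks a CSV report so that only the last four digits remain, and flags any employee ID that looks like a social security number. The column names and the sample report are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample report; the column names are assumptions for this example.
SAMPLE_REPORT = """\
employee_id,name,ssn,routing_number,account_number,notes
1001,Jane Sample,123-45-6789,123456780,000123456789,Verified SSN 123-45-6789 by phone
987654321,John Sample,987-65-4321,987612345,9988776655,none
"""
SENSITIVE_COLUMNS = {"ssn", "routing_number", "account_number"}
SSN_PATTERN = re.compile(r"\b\d{3}-?\d{2}-?(\d{4})\b")

def mask_keep_last4(value):
    """Replace every digit except the last four with '*', keeping separators."""
    total = sum(c.isdigit() for c in value)
    hide = total - 4 if total > 4 else total  # short values are hidden entirely
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            out.append("*" if seen < hide else c)
            seen += 1
        else:
            out.append(c)
    return "".join(out)

def suppress_report(csv_text):
    """Return (masked CSV text, warnings) for a report given as CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    warnings = []
    for line_no, row in enumerate(reader, start=2):
        for col, value in row.items():
            if col in SENSITIVE_COLUMNS:
                row[col] = mask_keep_last4(value)
                continue
            if col == "employee_id" and SSN_PATTERN.fullmatch(value):
                warnings.append(f"line {line_no}: employee_id looks like an SSN")
            # Catch SSNs that leak into free-text columns such as notes.
            row[col] = SSN_PATTERN.sub(lambda m: "***-**-" + m.group(1), value)
        writer.writerow(row)
    return out.getvalue(), warnings

if __name__ == "__main__":
    masked, warnings = suppress_report(SAMPLE_REPORT)
    print(masked)
    print(warnings)
```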
 

Trash 

Documents or any items that are thrown in the trash aren’t gone. They become targets for theft by individuals who search trash specifically looking for personal information (also known as dumpster diving).
 
When you’re finished with a hard copy report, what happens to it? Do you throw it away or place it in the recycling bin? Is your dumpster or garbage locked or unlocked? How is employee trash protected?
 
Separate sensitive documents from other trash and recyclables. Invest in a shredder and have a trusted employee be in charge of shredding all sensitive documents, or have employees shred them immediately. Do periodic “trash checks” to make sure nothing is being thrown away that should be secured first. If you have a large volume of documents, consider contracting with a certified vendor to shred them for you.
 
When upgrading computer equipment, be sure to safeguard the information that could be left on the old hardware. When a hard drive goes bad, remove it, destroy it and properly recycle it. Don’t assume that because you can’t access the information, no one else can. When donating equipment, either remove the hard drive or completely strip out all the information—don’t rely on the recipient to do it.
 

Phishing

Phishing is the act of someone trying to fraudulently acquire sensitive information by posing as a trustworthy source. This typically happens in two ways: either by phone or by email.
 

By phone

 
Someone may call and say he or she is from the bank or another trusted organization. Beware when they begin to ask for personal information such as account numbers, passwords or even social security numbers. Most financial organizations will not ask for this information over the phone. Do not give this information out over the phone unless you initiated the call or know with whom you’re dealing. If you really think it could be the organization they say it is, hang up and call back using the contact information you’ve used in the past.
 

By email or online

 
Never click on links sent in unsolicited emails. Instead, open your browser and type in the web address you know. Also make sure your firewall, anti-spyware and anti-virus protection are up to date.
 
When online, check to make sure websites that request confidential information are secure. Secure websites will have a URL that begins with HTTPS—the S stands for Secure Socket Layer. You should also see a closed lock symbol in the address bar. In addition, you may wish to set your preferences to alert you when you’re going from a secure to a non-secure location online. Tricom actively supports secure website practices.
 

Protect yourself in dealings with others

When sending important documents, one secure alternative is www.rpost.com. This registered email option is best used for sending legal documents or notifications such as contracts. For a small fee your email is encrypted and secured. The contents cannot be altered—unlike a Word document or PDF. It confirms delivery and receipt and documents the email trail. This is one of the few legal delivery solutions that are accepted in court, unlike FedEx, U.S. mail, regular email or fax. For more information, visit www.rpost.com.
 
We can all help in the fight against identity theft by taking steps to protect sensitive information. For more tips on ways to deter, detect and defend against identity theft, the Federal Trade Commission also offers resources online at www.ftc.gov/idtheft.
 

Best Practices For Creating Passwords 

Computer hackers have numerous ways to figure out passwords to access information. Using these best practices will make their work much harder, and depending on your firewall, may block them out altogether.
 
Passwords should:
  • Have a minimum of 8 characters
  • Contain a number
  • Contain upper and lower case letters
  • Contain a symbol
  • Not spell out a word
  • Be changed every 45 days
  • Not be re-used for several months
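The rules above can be enforced in software. The following Python sketch is an added example, not code from this newsletter: it checks a proposed password against each rule, including re-use against a salted-hash history. The six-month re-use window (for "several months"), the tiny word list and the sample passwords are assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MIN_LENGTH = 8
MAX_AGE = timedelta(days=45)
REUSE_WINDOW = timedelta(days=180)  # assumption: "several months" taken as six
WORDLIST = {"password", "welcome", "payroll", "summer"}  # constructed sample list

def _digest(password, salt):
    # Store salted, slow hashes of old passwords, never the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_history_entry(password, set_on):
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(password, salt), "set_on": set_on}

def check_new_password(candidate, history, now):
    """Return the list of rules the candidate breaks (empty means acceptable)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("fewer than 8 characters")
    if not re.search(r"\d", candidate):
        problems.append("no number")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("needs upper and lower case letters")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no symbol")
    # A word padded with digits or symbols (e.g. "Summer1!") still spells a word.
    if re.sub(r"[^a-z]", "", candidate.lower()) in WORDLIST:
        problems.append("spells out a word")
    for entry in history:
        if now - entry["set_on"] < REUSE_WINDOW and hmac.compare_digest(
                _digest(candidate, entry["salt"]), entry["digest"]):
            problems.append("re-used too soon")
            break
    return problems

def is_expired(history, now):
    """True when the newest password is older than 45 days (or none is set)."""
    if not history:
        return True
    return now - max(e["set_on"] for e in history) > MAX_AGE

if __name__ == "__main__":
    now = datetime(2024, 6, 1)
    history = [make_history_entry("Bl7e!Harbor", datetime(2024, 4, 1))]
    print(check_new_password("Summer1!", history, now), is_expired(history, now))
```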
 

Choosing Encryption Software

 
The easiest way to begin your search for encryption software is to do a simple Internet search on keywords such as “hard disk encryption” or “encryption software.” As you review providers and options, pay close attention to the software features, system requirements, the number of licenses per software application and overall costs. Following is a brief list of providers (in alphabetical order) to begin your search and a short description of some of their benefits:
 

DriveCrypt Plus Pack | www.securstar.com

  • Encrypts parts or 100% of your hard disk including the operating system
  • Automatic and transparent to the user
  • Allows secure hiding of an entire operating system inside the free space of another operating system
  • Encrypts almost any kind of media
 

GuardianEdge | www.guardianedge.com

  • Full disk or multi-partition encryption
  • Pre-boot password required to ensure only authorized users gain access
  • Works with Microsoft Active Directory to make the data protection deployment and management less costly and complex
 

PGP Whole Disk encryption | www.pgp.com/products

  • Also works on external hard drives as well as PCs, laptops and removable media such as USB flash drives
  • Achieves full disk encryption using the existing infrastructure
  • Specifically for Windows users only
 

Private Disk | www.private-disk.net

  • Is able to disconnect your encrypted disk when it’s not used for a certain period of time
  • Can be used for desktop and laptop hard drives, as well as CDs, zip disks, iPods, USB flash drives and digital cameras
  • One-step installation
 

SafeHouse | www.safehousesoftware.com

  • Protects any hard drive or memory stick, as well as network servers, CDs and DVDs
  • Fully integrated with Windows, Explorer and Drag-and-drop
  • Allows you to store all your passwords to smartcards and USB memory sticks which are then protected by a single PIN
 

SafeNet Protect Drive | www.safenet-inc.com

  • Encrypts the entire hard drive of laptops, workstations and servers, as well as USB flash drives