Protecting Confidential Information - It's In Your Hands!
We handle highly confidential information every day - and most of us don't give it much thought.
Do you carry credit cards in your purse or wallet? A driver's license or ID? Some of you might carry a Social Security card (hopefully not!). You might have an appointment with a doctor who will ask you personal information and then document it in your chart. Maybe you just stayed in a hotel and used one of those card keys that you then turned in to the registration desk at the end of your stay - coded with all of your personal information. You may be going out to lunch with a colleague and you pay for it with a credit card that disappears with the waiter for a minute or two. When you return home after work, you might have bills waiting for you and most of them have a lot of confidential information in them.
Do you file them away in a safe and secure place? Do you pay them and then securely dispose of them or shred them? Do you leave them lying around for others to see? What if some of those people who have access know that Personally Identifiable Information is worth a lot of money? Suppose they understand what they can do with a birth date, a Social Security number, or a credit card number with an expiration date? Maybe they think the risk of getting caught is very low (rightfully so?).
It used to be that if someone wanted to take something from you, they would have to physically risk getting caught and if something of yours were stolen, you could recover. The risk and impact for the criminal was usually much greater than for the victim. Wow, have things changed! Now someone can steal your identity, use it over and over again with very low risk of getting caught, no physical risk, and you might end up "recovering" for the rest of your life! What was taken from you can be bought and sold hundreds of times in seconds, and be consumed again and again, while you're left thinking how you might be able to get a new identity.
Now THAT'S a task to consider! It seems very unfair, and in fact, it is. What can you do about it? You can change your habits - your mindset. You can treat the information you come into contact with in a secure fashion. Don't provide the "low-hanging fruit" that makes it easy for today's criminals. And please consider the information you have access to at work in the same way that you expect others to treat your confidential information. It's all about what we share and how we share it.
By now, hopefully most of you have heard about Brown's Guidelines for Protecting Information, and if you haven't, please take a look. In another six months, we hope to convert this to a formal policy, something we can be audited to. You can go to http://brown.edu/CIS/policy/ and click on the "New" document titled Guidelines for Safeguarding Information. It will provide an overview of all of the things you should be familiar with in order to professionally meet your work-related responsibilities.
But all of these guidelines will help you to protect your own personal information as well. Also see the companion document titled Checklist for Protecting Information, which will break down the requirements into simple steps.
We also have face-to-face training available at http://training.brown.edu titled Protecting Brown's Information where you can go for an hour to get a synopsis of what is in the policy.
And by all means, use the resources available to you. You can always contact the Office of IT Security at ITSecurity@Brown.edu or call me on 3-7266 for questions, concerns or comments. Securing information is simple, but only when people understand the risks and the actions they can take to protect it.