Monday, January 19, 2015

Do you have Sensitive Information on your Computer?

It is very possible that you have your own (PII) and/or sensitive information on your computer right now (and other peoples too!).  I have come up with a process to find files containing PII or sensitive information on your computer.  (Caveat:  My process will find PII in many programs including Microsoft products but it may not find all PII or sensitive data.  Also, my process will not find PII in your email or .PDF files -- this is not the holy grail, but it's a good start.)  

The process I recommend is a manual one.  (This works on a Windows operating system.)

Step 1:
Search for YOUR sensitive information:
  1. Close all open applications on your Windows 7 computer.
  2. Click Start.
  3. In the search box enter the last 4 digits of your social security number.
  4. A partial list of potential matches will appear in the window.  Don't click the items from the list, click the blue bar with the magnifying glass that says "See more results".  This will open a new window displaying all possible hits.  You can easily review the hits without performing the search again.
Review each document or file individually by opening each file, look for your SSN and other sensitive information.  Some files could be unreadable (such as zip files) - if they don't open, it might be that the file was not designed to be opened.  Once you have reviewed the file take appropriate action.  Do not delete files you can't open!  If you don't need the file after you have reviewed it, delete it.  If you need the file but don't need the sensitive data to be listed within it, remove the sensitive information then re-save it.  The list will certainly include false positives but you will probably discover some 'PII gold'.    

Step 2:
You might have other peoples PII (or sensitive data) on your computer.  Search for the last 4 digits of your spouse or children's SSN.  If you process family member's information, check for the last 4 of their SSN too.  Also search for people's names (first or last).
  1. Close any open windows.
  2. Click Start.
  3. In the search box enter the last name (or first name).  
  4. A partial list of potential matches will appear in the window.  Don't click the items in the list, click the blue bar with the magnifying glass that says "See more results".  This will open a new window with possible hits.

Saturday, January 3, 2015

Protecting your Privacy at Home

Privacy breaches are becoming more common.  We ended 2013 with a major breach at Target, Neiman Marcus, Michael's and Sally Beauty; a hacker group compromised 250,000 twitter accounts in 2013;  Facebook revealed that a bug had exposed 6 million users' personal data between 2012 and 2013;  New York announced that millions of their resident's records were exposed over a period beginning 8 years prior in 2014; and PF Changs revealed a breach that affected customers in 16 states who used credit and debit cards in the stores in 2013 and 2014.  I could go on.  We get it, our information isn't being handled by the organizations we patronize.  I hate to be the one to break it to you, but you might be guilty of not protecting your information too.

Your home holds a treasure trove of data (credit card data, banking information, work related information, tax records, etc.) that may not be properly protected.   A savvy intruder might be able to get in and leave with nothing more than his camera full of information or even a handful of statements from your filing cabinet that you might never miss.

We all must protect our information.  A few things to consider:

Keep a shredder near the place where you sort your mail.   If you still receive paper bills consider purchasing a cross-cut shredder to shred mail that you do not need to keep long term.  I shred envelopes with my name on them.  I usually shred just my name unless I get a letter from a relative, then the whole envelope goes through.  Shred anything that someone else could use to piece together information about you. 

Purchase a home safe.  We all have documents that we must retain (birth certificates, documents related a major purchase, education information, etc).   These documents must be safe from unauthorized access and unintentional destruction (water, fire, etc.).  Storing these documents in a locked fire-proof safe that is bolted to the wall or floor will provide you peace of mind.  Store the key someplace that is not obvious and not near the safe.

Create and use a password on your home computer.   Regardless of whether you have a laptop or desktop, create and use a password.  Don't leave the computer on unless you log off.  (You can configure it to log you off after X number of minutes if you don't want to remember to press Windows + L.)  Create a good password, don't use "Password", your name or something that could be easily guessed.

Evaluate the information stored on your computer.  Think hard about the information you might have on your home computer.  Do you routinely store your tax information on your computer?  How about password lists?  Do you store any documents that list your social security number?  Evaluate what you have stored on the computer and delete anything you don't want exposed.  It might be a fun exercise to review the documents, spreadsheets and images on your computer.

Secure your Internet access.  Every broadband connection should be protected with a hardware router that is properly configured.  RTFM (read the friendly manual) or even search YouTube.  Many router manufacturers have made the installation simple for anyone who can read.  Don't just plug the device in - read ALL the words.  Write down the admin password you create and put it in a safe place.  Be sure that your WiFi password is complex (with upper and lower case, special characters and numbers) and use WPA2.  I've heard interesting conversations about neighbors who leave their WiFi networks wide open.  Don't do it, even if someone tells you it's fine.  It's NOT!

Know your neighbors.  It's amazing how many people don't know their neighbors.  Get to know them and invite them to get to know you.  Watch out for each other.  Exchange email addresses or phone numbers for a lifeline in an emergency and so you can keep an eye out for unusual activity.

Check your credit report and consider locking down your credit.  Experian, Trans Union and Equifax must provide you an annual credit report when requested.  Space out your requests so that you get a report every 4 months.  Consider getting a credit monitoring service or locking down your credit.  It's a huge pain to lock down your credit but it might save you from an expensive and heartbreaking experience.

Consumers cannot protect themselves from the bad business practices at the organizations they patronize but we can protect the information we store in our homes.