HARTFORD, CT - Protecting personal information has never been more important for consumers and businesses and there are simple things that can be done to help keep it safe, said Attorney General George Jepsen, who offered “top 10” tips for data security.
“Smart communications technology has made it simple for anyone to access information. But easy access also raises the threat of identity theft and other security problems when personally identifiable information falls into the wrong hands,” Attorney General Jepsen said.
In recognition of National Data Privacy Day, Jepsen reminded consumers who provide personally identifiable information and businesses that collect it about problems that may result if information is not protected from improper disclosure.
Top 10 Tips for Consumers:
1. Stop and think before posting any information online. Using Facebook or Twitter to let the world know you are "on vacation" may also be an open-door invitation to criminals.
2. Pay attention when enabling location services on your phone or other mobile device.
When enabled, your location can be determined in posts to sites like Facebook and embedded in digital photographs.
3. Monitor and strengthen your security settings on social media.
It can help with early detection of any account breaches/unauthorized access. For example, on Facebook, controls can be changed under Settings à Security to require login approvals from devices you haven’t previously authorized; notification when your account is being accessed, and check/end active sessions of your Facebook account (helpful if you forgot to log-out in public place, etc.)
4. Carefully read a business’ or website’s privacy policy. Determine whether they sell your information to other parties before sharing any information.
5. Avoid using public computers to access personal or private information. The connection may not be secured and information may be tracked or logged.
6. Never provide sensitive information, such as your Social Security Number, unless there is a legitimate purpose, such as for employment or health care reasons. Always ask what the information is being used for.
7. Never give out any personal information, such as Social Security or credit card number, in response to an unsolicited e-mail or telephone call. If the e-mail or call claims to be from a company you do business with, call them first to confirm the contact is legitimate. If not, do not provide information or click on links within the suspect e-mail.
8. Encrypt your wireless router. Also, following the manufacturer’s instructions, change the password and turn off the feature that openly broadcasts your network's SSID.
9. Encrypt any private or secret information sent through e-mail.
10. Protect your information and identity off-line: Review your credit reports and report all inaccuracies. (You are entitled to one free report from each of the three major credit rating bureaus annually. annualcreditreport.com ); shred personal letters and bills before discarding; review credit card and bank statements for any fraudulent charges.
Top 10 Tips for Business:
1. Encrypt sensitive information on your network and servers, as well as in any communication that is sent electronically.
2. Install security updates, patches and anti-virus programs on your computers and firewalls on your networks to prevent outsiders from hacking your system or exploiting known vulnerabilities.
3. Educate your employees about data security, data breach prevention and the data breach response plan. Make sure everyone with access, not just information technology staff, knows how to keep information safe and to respond to data security incidents.
4. Restrict sensitive information to a “need to know” basis.
5. Collect and keep data only when absolutely necessary to the work you are performing and dispose of it properly. Old data is dangerous.
6. Develop and implement a social media policy. Instruct employees about its use and potential risks in the workplace.
7. Have a data breach response plan in place and update it regularly. Waiting until you need it will be too late.
If you can’t protect it, don’t collect it. Connecticut law requires sensitive customer information and personally identifiable information to be protected from improper disclosure and made unreadable prior to disposal.
Conduct periodic, detailed security assessments to identify and resolve vulnerabilities and account for newly developed threats.
10. Have a formalized password protection policy that is enforced, regularly reviewed and updated.
Anyone who believes they may be a victim of identity theft or a data privacy breach, or who needs answers about data privacy protection, is encouraged to contact the Office of the Attorney General Consumer Protection department at 860-808-5400.
More information about National Data Privacy Day is available at www.staysafeonline.org. If you would like to share information about Data Privacy Day through Twitter, use the hashtag #DPD2012; or, you can “like” the Data Privacy Day Facebook page at http://www.facebook.com/DataPrivacyNCSA.
