Are you protecting your customers’ data as well as you want your bank or credit card company to protect yours?
You should notice the title of this article is “Secure Your System.” It does not say “secure your data.” That’s because the data you keep in your system is really all about your customers. The information in your database describes them, perhaps in enough detail that an Identity Thief could have a field day. We hope this article will help you protect their data as vigorously as you would want your personal information protected by the companies you trust.
Trust is a key word in this scenario. You trust your bank or credit card company to protect you. Your customers trust you to do the same. How do you do that? Do you even think about it? Do you picture yourself in the same position as a lending institution? You should.
Based on our experience while providing technical support for our software, we know that few take it as seriously as they should. So here are a few things you should be doing. However, you must understand that this is not to be considered everything you should do. We really only intend to get you started with the most obvious. We know that many ABS users do not even pay attention to what should be obvious, or they are too naive or lazy to take action. The following are things YOU can do to secure your system.
Windows: Going back as far as I can remember, Microsoft has given you the ability to require a User Name, and a Password. You can also turn off the requirement to enter it, but it is still there. You would be surprised at how many insurance office PCs do not require complete Windows log in credentials. Actually, that may not be your fault. By default, Windows suggests a valid User Name, and asks for a Password only. If there is more than one user on a computer, Windows lets you pick from a list. That’s poor security. Thankfully, you can tell Windows to require entry of a User Name and Password. Doing that is a little different from one version of Windows to another, so search the web with this phrase: How to make windows require a username and password in log on screen.
Require users to log in when waking up the screen saver, and turn your computer off when you go home for the day.
DO NOT use a wireless network (WiFi). It is easier to hack than a wired network.
DO NOT use a Public Network. Use a Private Network only. It is a Windows network setting. ABS does not support network setup, so talk to your local IT Professional.
Internet Security Software: A lot of brands are available. We don’t endorse any one product, but we strongly encourage using one. Sometimes they are a pain in the neck for us, but well worth the time to set up properly. Just as we don’t endorse, we also don’t support another company’s product. Please don’t ask. Your local IT Professional probably has a favorite. Follow his or her suggestions so you can get support if something goes bonkers.
ABS Security: Since version one of our software, over 20 years ago, we have used data encryption to help protect sensitive information such as Social Security Numbers and Driver License numbers. DO NOT consider that enough. All that does is make it difficult for someone to hack into the database and capture Identity Theft information. Difficult enough to discourage them, but not impossible.
The ABS Administration program lets you assign a User ID and Password for each employee. You would be surprised at how many offices do not require an ABS Password. If encryption only makes theft difficult, not requiring a password makes it downright easy. I was amazed at a recent request to have ABS “remember” the User ID so the user didn’t even need to enter that. Would you like your bank to be that careless?
Passwords: This is the most secure part of log-in credentials so it should be really hard to crack. It should be at least 12 characters long. Some programs require them to be at least 5. That’s too short. ABS allows you to create one that has as many as 30 characters. That might be overkill, but longer passwords are harder to crack.
Passwords should contain upper and lower case letters, numbers, and symbols like &, @, %. That results in a string of characters that is hard to guess. Unfortunately, they are also hard to remember. There are many password creation strategies. You can find a bunch on the web, but one I like is the sentence method. Come up with a sentence that is meaningful to you, and then use the first letter of each word (remember, proper nouns are capitalized). Sentences are easier to remember than a bunch of gibberish characters. For example:
The Pilgrims sailed from England in 1620 and landed at Plymouth Rock.
That results in: TPsfEi1620&l@PR.
Notice the use of upper and lower case letters, symbols, numbers, punctuation marks (sentence ends with a period) and it is long. This is a very strong password. Some systems don’t accept all symbols or punctuation, but you get the idea. Come up with your own sentence about your wedding anniversary and location, or when and where you graduated from High School, or something else you will remember.
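The sentence method above, sketched in Python as an added example (not part of the original article or of ABS). It assumes "and" becomes & and "at" becomes @, as in the Pilgrims example, and checks the result against the article's 12-character minimum, the 30-character ABS maximum, and the four character classes; all function and constant names are hypothetical.

```python
import string

# Assumed word-to-symbol swaps, taken from the article's example password.
SUBSTITUTIONS = {"and": "&", "at": "@"}
MIN_LEN = 12  # minimum length the article recommends
MAX_LEN = 30  # longest password the article says ABS accepts


def sentence_to_password(sentence):
    """First letter of each word, numbers kept whole, mapped words
    replaced by symbols, trailing punctuation kept."""
    out = []
    for raw in sentence.split():
        word = raw.strip(string.punctuation)
        if not word:              # token is nothing but punctuation
            out.append(raw)
            continue
        trailing = raw[len(raw.rstrip(string.punctuation)):]
        if word.lower() in SUBSTITUTIONS:
            out.append(SUBSTITUTIONS[word.lower()])
        elif word.isdigit():
            out.append(word)      # keep years and other numbers intact
        else:
            out.append(word[0])   # case of the first letter is preserved
        out.append(trailing)
    return "".join(out)


def policy_problems(password):
    """Return a list of ways the password misses the article's advice."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    if len(password) > MAX_LEN:
        problems.append("longer than %d characters" % MAX_LEN)
    checks = [
        ("lowercase letter", str.islower),
        ("uppercase letter", str.isupper),
        ("digit", str.isdigit),
        ("symbol", lambda c: c in string.punctuation),
    ]
    for name, test in checks:
        if not any(test(c) for c in password):
            problems.append("no " + name)
    return problems


if __name__ == "__main__":
    # Sentence from the article; use your own, since this one is published.
    pw = sentence_to_password(
        "The Pilgrims sailed from England in 1620 and landed at Plymouth Rock.")
    print(pw, policy_problems(pw) or "meets the article's guidelines")
```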
A common caution is to never put your password in writing. If you have a lot of passwords, it may not be possible to memorize them all, even with great sentences. So, realistically, writing them down may be your only hope, just don’t put them in a file on your computer. We’ve actually seen systems with a word processor file named “Passwords”. Not wise. If you must write them down, put them in a notebook you can store in a secure place, a safe or a locked cabinet. Also, if your IT Professional creates credentials for you, make sure you know and record them. Technicians have been known to change jobs or even locations.
Make sure you have the credentials for all computers in your office, including the server. There have been too many times when we have been asked for technical support only to be unable to access the system because nobody in the office could remember the password.
Be safe. You have a fiduciary responsibility.