Protect your Information

By Matt Cohen, Clareity Consulting, www.callclariety.com

When people think about information security, they usually associate it with computer security?something for computer people to worry about. However, many of the highest-profile information security incidents in 2005 were caused by flaws in physical security. For example, Ford Motor Company notified 70,000 people that their names, addresses, and Social Security numbers had been taken by a thief who simply walked off with a computer. Similarly, Time Warner reported the theft of a computer tape containing sensitive information for 600,000 people. Flawed physical security practices put millions of people at risk of identity theft every year.

Whether you are an MLS or Association executive, broker, REALTOR®, or other real estate professional, you personally should be concerned! If you are an agent or broker, you may store personal and financial information about the consumer and his or her family in your contact management system, in your MLS, or in a physical file. If you work at an association or MLS, you may have access to members' sensitive personal, professional and dues payment information. Where is this sensitive information located? It's stored in printed reports, voicemail, faxes, on computers and backup tapes, and on forms. Improving physical security in all of these areas can dramatically lower risk of information theft. For example:

BUILDING AND WORK AREA SECURITY. The office should have a quality lock and a monitored alarm system. Areas that house sensitive information should be accessible only by signing in with a receptionist, and there should be no way to bypass a busy or indisposed receptionist. Non-employees should always be accompanied once they leave the reception area. Companies should screen and ideally supervise vendor and repair personnel. Non-employees should never be allowed physical access to employee computers or to the internal office network by plugging in their computer or using the wireless network. Employees should be trained to challenge unfamiliar visitors in a professional manner and to be watchful of their activities. 

DOCUMENT SECURITY. Fax machines should be located in an area requiring need-to-know employee-only access. File cabinets should always be locked and in secure areas. Documents with sensitive information should never be left unattended on desktops; they should be locked in a drawer when not in use, and drawer keys should be secured. These documents should be kept no longer than needed, and should be disposed of using a cross-cut shredder.

COMPUTER THEFT OR MISUSE. Do not leave a laptop unattended -- but if you must, use a laptop cable to make it more difficult for someone to walk away with it. This is especially important when traveling. Workstations should also be cabled to furniture to deter theft. Servers and telecommunications equipment should be in a locked case -- in a locked rack -- in a locked room. Remember: someone with physical access can bypass even the best technical countermeasures.

PORTABLE ELECTRONIC MEDIA. Always store portable media such as backup tapes, CDs, disks, external hard drives and flash memory drives in a secure locked location. Encrypt data on these media if possible. Dispose of electronic media securely - always use software utilities designed to overwrite sensitive information on disks and tapes, and shred data CDs.

About keys: Even if you collect keys when employees leave, keys are easy to copy. Since it is expensive to replace locks when an employee leaves, it is done rarely, increasing security risks. Ideally, use a magnetic badge system that individually tracks those entering sensitive office areas. That way, when an employee leaves, you simply disable their badge.

Look around your office for all the places where you store sensitive information, and consider taking the above steps to protect that information. You don't have to be a "computer person" to help protect sensitive information from misuse.

ABOUT THE AUTHOR: Matt Cohen is Clareity Consulting's Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops and leadership retreats around the country on security related topics, and is a well-regarded real estate industry expert on software design, product management, project management, data center reliability, scalability, and security. Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses.