Keeping Private Information Private, Online and on Paper

information that is no longer needed and could conceivably be used to get money or access to something of value needs to be disposed of properly, says BU’s executive director of information security. Photo by Flickr user amalthya

And you thought document shredding went out with Watergate.

Even in this electronic-communications age, lots of sensitive information is still kept on paper—especially numbers: Social Security, credit card, driver’s license, and financial account, not to mention medical data. Any of that information that is no longer needed and could conceivably be used to get money or access to something of value needs to go away, and go away properly, says Quinn Shamblin, the University’s executive director of information security. In most cases, that means shredded, and for the next three days, the University will help you do that. In recognition of Information Security Awareness Week, BU is making shredders available for all faculty, staff, and students.

The shred-ule is as follows: today, Tuesday, October 25, 9 a.m. to noon, at the Granby Street parking lot by the Commonwealth Avenue intersection; tomorrow, Wednesday, October 26, 9 a.m. to noon, on East Newton Street Private on the Medical Campus; and Thursday, October 27, 9 a.m. to noon, at the Babcock Street parking lot.

There’s also an information website outlining resources and procedures for protecting information.

In Shamblin’s opinion, security is far more important than most people think it is. He cites one unnamed school that kept former students’ Social Security numbers on paper in seven file cabinets. “A person just walked into this office right off the street and stole a handful of them,” he says. “Had they destroyed these records after seven years, as per their own retention policies, this would never have been a problem.”

These days, Shamblin says, online security is probably more important than paper security, which is one reason that October has been designated by the Department of Homeland Security the eighth annual National Cyber Security Awareness Month.

Feeling a little insecure? Shamblin offers these dos and don’ts:

Dos:

• Use different passwords for different kinds of sites. Use one password for your bank that you don’t use anywhere else, and a different, similarly exclusive password for your email account. Use yet another password for other sites that have credit card information saved and another for sites that require passwords, but don’t have any financial or other sensitive information in them.
• Make sure your computer and its software get security updates automatically. Almost all those updates fix security problems that someone found.
• Get anti-malware software (malware is malicious software).
• Put a password/PIN/pattern on your mobile phone. If someone finds your phone and there is no password on it, they get instant access to your email. Get a laugh here.

Don’ts:

• Never give your password to anyone. Not a friend, not a teammate, not your boss, not a person claiming to be from the help desk.
• Do not follow links in emails unless you were actively expecting that email.
• Do not opt for the paperless version of your bank and credit card statements. Malware can intercept communications with your bank and steal from your account, yet display on-screen the amount you expect to see. Statements from others (utilities, say) are fine to receive online and paperless.

And one more do: take advantage of the University’s free shredding.