Thursday, September 07, 2006

Ontario Commissioner and BMO release brochure on information security on the road

The Information and Privacy Commissioner of Ontario and the Bank of Montreal have just released a brochure related to safety, security and privacy in using mobile devices. Here's the media release:

IPC - Guard the information you take out of the office, urges Privacy Commissioner Ann Cavoukian:

NEWS RELEASE : September 7, 2006

Guard the information you take out of the office, urges Privacy Commissioner Ann Cavoukian

In a number of recent cases, thousands of people have found themselves facing the potential threat of identity theft simply because someone took a laptop – packed with people’s personal information – home with them or on a business trip, and the laptop was later lost or stolen.

Ontario’s Information and Privacy Commissioner, Ann Cavoukian, and BMO Financial Group (BMO) have met this challenge head on by partnering together to create a joint brochure, Reduce Your Roaming Risks – A Portable Privacy Primer, which outlines specific steps that everyone can take to minimize the chance that the information contained on one’s laptop or personal digital assistant (PDA) will be accessed by unauthorized parties.

“With today’s technology, people have the flexibility to connect to their organization’s network from virtually anywhere in the world,” said Commissioner Cavoukian. “But working away from the bricks and mortar office means that you are also working outside of the traditional security layers. You need to re-assess the privacy and security risks associated with working remotely or while travelling.”

“It is critical that you take the steps needed to safeguard all confidential information, whether it be your own, that of your employer, or, most importantly, that of the people who entrusted their personal information to your custody and care, in the belief that it was in safe hands,” said the Commissioner.

“As a financial services provider, it is fundamentally important that we continue to earn the trust and confidence of our customers that their personal information is safe and secure,” said Dina Palozzi, Chief Privacy Officer, BMO Financial Group. “We were pleased to work with Commissioner Cavoukian on the development of the brochure. It’s a timely and relevant tool that all workplaces should make available to any employees who share a responsibility for safeguarding important customer or company information.”

Among the recommendations that the Commissioner and BMO make in the brochure:

  • Always use strong password protection, preferably in conjunction with data encryption;
  • Do not remove any client information from your organization’s network or premises without proper authorization from your supervisor;
  • Remove all confidential information, or any devices containing confidential information, from plain sight in your vehicle. Lock your valuables in the trunk before you start the trip, not in the parking lot of your destination;
  • In public places, do not discuss any confidential information on your cell phone; and
  • Only conduct confidential business on business or personal computers. Do not use public computers or networks, or conduct business in public places.

Laptops, PDAs, Cell Phones:

Laptops, PDAs and, more recently, cell phones, are considered to be the “golden eggs” by identity thieves. Here are some of the precautions the brochure recommends be taken to minimize the risks:

  • Ensure that all of your devices require passwords for access: power-on passwords, screensaver passwords, account passwords. Strong passwords consist of at least eight characters, upper and lower case, numerals and special characters. The password should not be a word that can be found in any dictionary;
  • Enable the automatic lock feature of your device after five minutes of idle time;
  • Encrypt your data according to your company’s policies. This is essential if you transport personal and/or confidential customer data – it should never be left in “plain view;”
  • When no longer needed, remove all confidential data from your devices using a strong “digital wipe” utility program. Do not simply rely on the “delete” function.

Confidential and Financial Information:

If you handle confidential information online or perform financial transactions, then your laptop (and sometimes your PDA) should, at a minimum, have a personal firewall, anti-virus and anti-spyware protection. In addition, install the latest updates and security patches for your mobile devices, including your cell phone.

When connecting to public wireless networks or HotSpots in airports, hotels, coffee shops, etc., bear in mind that these networks are inherently unsafe. Remember the following:

  • Watch out for shoulder surfing – someone “casually” observing the work on your laptop;
  • Never connect to two separate networks simultaneously (such as Wi-Fi and Bluetooth);
  • Do not conduct confidential business unless you use an encrypted link to the host network (such as a Virtual Private Network – VPN).

The brochure also contains advice on what to do if you lose confidential data, as well as providing a quick reference checklist.