My seven-month-old laptop has developed a bizarre hardware glitch that causes a ghost-like scroll bar to pop up on the screen even during the bootup sequence, obstructing my view of the real scroll bar inside my browser or other programs, and making navigation near impossible. When I purchased the machine, I had flipped a coin to decide whether to purchase the extended warranty and repair service package. Luckily, the coin flip favored the purchase, but now that it's time to take the unit in for repairs, I'm faced with first trying to use it in its half-crippled state in order to avoid a major information security breach.
The repair person may be a paragon of virtue, peering only at what is absolutely necessary to fix what ails the machine. On the other hand, my laptop could end up in the hands of a too-curious nerd who decides it might be fun to FTP into the remote server for BOL and all the other sites whose profiles are stored in my FTP program. The nerd could wreak all kinds of havoc by changing or deleting files on the server. Or he might take a break from diagnostics to peruse the documents stored on my hard drive, hoping there's a passwords.txt file (there's not), correspondence regarding credit card accounts, or other confidential information.
In addition, a crooked, but clever, repair person might connect to the Internet, hoping the computer's owner had not cleared all cookies before bringing the machine in and had allowed the browser to store log-in information for bank accounts, brokerage accounts, and online stores. Imagine the potential damage -- whether the individual appears to log-on as you to the BOL Bankers' Threads and posts outrageous messages, or orders merchandise using your stored account information on online merchants.
I'm fortunate, because my computer is still somewhat operable and I will have the opportunity to remove sensitive data before I take it in to be mended. If you experience a more serious problem, however, that precludes you from taking remdial action, it is imperative that you carefully choose who will perform service on your machine. Your information security program should specify steps to take in that circumstance. At the very least, if there is any nonpublic personal information of customers resident on the machine, you should use a service provider you have performed adequate due diligence on, and you should ensure you have a contract provision with the service provider that requires them to implement and maintain an information security program designed to achieve the objectives of the Interagency Guidelines for Safeguarding Customer Information.
Plus -- 'Tis the season to seek tax deductions. If your institution is donating used PCs to charity, make sure you sanitize the machines first in order to avoid exposing sensitive or confidential data to prying eyes. It is NOT sufficient to merely delete files. Either remove the hard drive altogether, or utilize proper methods for removing the data from the drives. Watch the 60 Second Solution from Clayton Hoskinson, "Removing Data from Hard Drives" for more details.
Off I go to dump my cookies, empty my Recyle Bin, delete temporary files, unstore FTP profiles, write over sensitive documents, disable my Internet dial-up password. I've got work to do!!
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
