Talk to Us

Google Custom Search
Click Off, if you don't want to search
-
Home

Data Security — An Ounce of Caution…

by Jay Edmonson
president
6 Dimensions Consulting

Scott Giordano didn't know his identity had been stolen until he decided to move to take a new job. He'd put a down payment on a house and quit his job…before hearing that he'd failed a background check conducted by the employer that wanted to hire him. The reason: There were nine people, in different parts of the country, employed under his Social Security number,” reads an article in the July 28, 2007 edition of the LA Times.

According to the U.S. Department of Justice, “In the United States and Canada, for example, many people have reported that unauthorized persons have taken funds out of their bank or financial accounts, or, in the worst cases, taken over their identities altogether, running up vast debts and committing crimes while using the victims' names.”

As the adage says, “An ounce of caution is worth a pound of cure.” With the Federal Trade Commission telling us three out of every 100 people are likely to become a victim of identity theft, it behooves us to load up on precautionary measures. For those of us responsible for managing our resort owners’ or members’ information, we want to protect owners/members, the resort’s homeowner association and resort personnel against this growing threat. While the items below are by no means a comprehensive list, here are a few commonsense steps we recommend resort managers and operators take:

Ensure your staff knows that no critical information should be transmitted by email. The Internet and our email communications are just not secure. Pirates only need a social security number, telephone number, name and address in order to obtain a credit card in an unknowing victim’s name. According to the Department of Justice, “In many cases, a victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.”

Utilize a secure Web site when processing credit cards or accepting online payments. A secure site uses encryption and authentication standards to protect the confidentiality of web transactions.

Currently, the most commonly used protocol for web security is SSL, or Secure Sockets Layer. This is a process that uses a third-party source, such as VeriSign or Thawte, to identify and authenticate the server being asked to receive information. SSL encrypts the data and incorporates a mechanism for detecting any alteration in transit, so that eavesdropping on or tampering with Web traffic is almost impossible.

Protect your database of owner information. Just imagine what might happen if you had a disgruntled employee steal your list of current or prospective owners.

To prevent such risk, we recommend resort operators review their current processes to ensure that owner information is viewed only by authorized personnel. A system of password-guarded entry levels to information is a good idea. Also, most businesses will encrypt all but the final four digits of a social security or credit card number in their databases.

We suggest never storing your database of owner information on a server or computer connected to a Web server without several layers of security in-place. In addition, why run the risk of writing data on forms or paper of any kind? Information should be entered directly into a secure electronic format. Employees should be reminded to avoid using generic passwords, such as their names or birthdays, and to never share their passwords with others. This includes not leaving them written down on a yellow sticker posted to their monitor! If your resort has any processes requiring agents to write information on a physical form, think again. In today’s environment of secure on-line transactions, that kind of exposure is unnecessary.

While reviewing your resort’s data security, you may wish to consider guarding email addresses just like social security and credit card numbers. We foresee a day when SPAM laws will come into effect protecting this data, as well.

Educating employees about data security may help make them more aware about ways to protect themselves, too. They may find the following list helpful:

• Don’t carry your Social Security card in your wallet. If your health plan (other than Medicare) or another card uses your Social Security number, ask the company for a different number.
• Watch for “phishing” over the phone, by email or in snail-mail. A combination of the words “phony” and “fish,” scam artists “phish” for personal information by pretending to be banks, stores or government agencies.
• Shred or tear up papers with personal information before throwing them away. Shred credit card offers and “convenience checks” that you don’t use.
• Shield your computer from viruses and spies both at work and at home by using strong passwords, firewalls, virus and spyware protection software.
• When shopping online, check out a Web site before entering your credit card number or other personal information. Only enter personal information on secure Web pages with “https” in the address bar and a padlock symbol at the bottom of the browser window.
• Check your bills and bank statements carefully, checking for any unauthorized charges or withdrawals and report them immediately. Call if bills don’t arrive on time. It may mean that someone has changed contact information to hide fraudulent charges.
• Stop most pre-approved credit card offers. They make a tempting target for identity thieves who steal your mail. Have your name removed from credit bureau marketing lists. Call toll-free 888-5OPTOUT (888-567-8688).
• Ask questions whenever you are asked for personal information that seems inappropriate for the transaction. Ask how the information will be used and if it will be shared. Ask how it will be protected.
• Monitor your credit history. You can get one free credit report e very year from each of the three national credit bureaus: Equifax, Experian and TransUnion. Request all three reports at once, or be your own no-cost credit-monitoring service. Just spread out your requests, ordering from a different bureau every four months. Order your free annual credit reports online at https://www.annualcreditreport.com/cra/index.jsp.

There’s a lot to consider when looking for better ways to protect employees and owners/members. But if you think about it, while resort managers can afford only a percentage of their time to review data security, there are pirates out there thinking of ways to get away with ‘murder’ on practically a 24-hour basis. While taking the maximum number of precautions may not be necessarily 100 percent fail-safe, you’ll have the greater peace of mind knowing you’ve done all you can to secure the safety of your owners’ and employees’ personal data.