Data storage safety: Your security role

06/17/2015

Data storage safety: Your security role

WASHINGTON – June 11, 2015 – Brokers, coordinators, assistants and agents all have responsibilities to keep data secure. The following data security tips come from the National Association of Realtors®' Data Privacy & Security Toolkit:

Brokers

  • Have up-to-date policies on how the company handles the storage, retention and destruction of documents, databases and e-mails.
  • Ensure that everyone involved in the business receives regular training on the policies.
  • Ask a lawyer to look over the policies to make sure they're in line with all privacy and data laws that apply.
  • Make sure employees and independent contractors understand that abiding by the company's data security program is an essential part of their duties.
  • Provide employees and agents with data security training before granting them access to personal data.
  • Strictly limit access to data.
  • Know which employees/agents have access to personal information, and make sure anyone with access has a "legitimate business need" for the data.
  • Have a procedure in place for ensuring that workers who leave the brokerage no longer have access to personal information.
  • Know which computers or servers have personally identifiable information stored, and who has access to those computers and servers.
  • Identify all connections to those computers/servers (via mobile devices, branch offices, etc.) and assess the vulnerability of each connection.
  • If agents or employees can connect to the firm's network using mobile devices, make sure they have password protections on their devices.
  • Regularly run up-to-date anti-virus and anti-spyware programs on computers and servers. Also, engage an outside company to conduct a regular security audit of the system.
  • Prohibit sharing or posting passwords.
  • Configure company computers so individual users can't download software or change security settings without approval.
  • Encrypt sensitive files, especially if the firm allows remote access to the network by employees, agents or service providers.
  • Before outsourcing any business functions, investigate the company's data security practices, compare their standards, and ensure they adhere to all applicable federal and state laws regarding data security. Find out how often they perform security audits and insist on fast notification of any issues or vulnerabilities.

Associates and staff

  • At the end of the work day, put all files away, log off all computers and mobile devices, and lock all file cabinets/office doors.
  • Don't store personally identifiable information on any computer unless it's essential for conducting business. If personal information does not need to be accessible on a mobile device or laptop, remove it permanently.
  • Regularly run up-to-date anti-virus and anti-spyware programs on computers and mobile devices.
  • Use a firewall – software or hardware designed to block hackers – to protect computers when online.
  • Use strong passwords. The longer, the better. Mix in letters, numbers, and characters.
  • Use password-activated screen savers to lock mobile devices and computers after a period of inactivity.
  • Never reveal passwords to others, even if they identify themselves as IT professionals inside the organization. No one should ask for passwords; if they do, it could be a sign of "social engineering," a way in which hackers gain access by conning people into revealing secure information.
  • When using a product for the first time, always change vendor-supplied default passwords immediately to a more secure, stronger password.
  • Encrypt sensitive information sent to third parties over public networks. When receiving or transmitting sensitive financial data online, use Transport Layer Security or its predecessor, Secure Sockets Layer, to protect the information.
  • If personal information is stored on a laptop or personal computer, encrypt the data locally. There are many free or low-cost encryption services.
  • Notify the broker immediately of any potential security breach, such as a lost or stolen laptop or a possible virus.

Source: National Association of Realtors® (NAR), Meg White

Ready to live the Florida Dream? Contact me or call (239) 851-3861 to get started!

Serving Southwest Florida including Collier and Lee Counties, Cape Coral, Fort Myers, Fort Myers Beach, Alva, North Fort Myers, Estero, Bonita Springs, Naples, Vanderbilt, Sanibel, and Captiva.