Networked technology is everywhere these days: home PCs, laptops, cell phones, tablets, even watches! We use it to communicate, store photographs and memories, track our health and our location, and store our personal data. We trust it with more information than we sometimes share with our closest friends. I mean, who wouldn’t? This small device fits in my pocket, what’s the worst it can do!?
Let’s face it, these devices accumulate more of our personal data every single day, and as the saying goes, “With great power comes great responsibility”. Where does the responsibility to keep our data secure land? On the company that produces the devices, the internet provider who allows the data transmission, the company that pays for these business devices, your local IT specialist who assists with installing your required applications, or the end user?
The answer – all of the above.
- The company that produces the device is required to allow password protection on each device, in the form of a PIN number, password, facial recognition, thumbprint scan or other.
- The internet provider is governed by New Zealand’s Privacy Act, meaning any data breaches may incur a large fine.
- The company that pays for the business devices will typically have clauses in its contracts surrounding responsible usage and data security. As an employer, it may offer training and enforce safeguards to protect company data as well as its employees’ personal data.
- Your local IT provider is responsible for providing best practice guidance on data security and for implementing systems that protect your business from malicious attacks and ensure your data is not accessed by anyone who is not meant to have access to it.
- The end user has the most responsibility: choosing a password easy enough to remember, but not easy enough to guess. End users should also change their password on a regular basis, not share their passwords with other people, not leave them in an easily accessible location (especially not on a post-it note on the computer screen), and not leave their PC or device unattended and unlocked (I’ve seen many an all-staff email sent from an unsuspecting victim’s email in my lifetime).
Here’s a scenario I once faced in a call centre.
I was managing a team who were new to the call centre environment, and each team member had gone through training where we outlined the rules around PIN numbers and security.
One of my agents received a call from a customer who proceeded to ask them to make a change to his daughter's account. The agent, following the rules, asked for the PIN number, which the customer could not provide. As a back-up we would normally have security questions if a customer forgets the password; however, as the customer had stated he was not the account holder but the father, we would not allow this.
Needless to say, the customer was not happy and started to become irate; at this stage I took over the call. After allowing the customer to vent his frustration, I mentioned to the customer the type of information we keep on record: date of birth, address, call history (it was a telecommunications call centre). I then mentioned to the customer that I cannot confirm his relationship with the account holder as I’d never met them before. I then asked: if somebody other than him called and said they were the account holder’s father, should I allow them access to these details and to make changes based on that?
Putting the situation in context for him changed his point of view and he was very apologetic.
Here at Lucidity we also use security questions to verify customers are who they say they are, and to reset their password if they have forgotten it. You can set up or change your security questions here (unless you have a company-specific link provided by your employer).
Security Questions Recommendations
- Make sure the answers to your security questions are not easy to guess or to find on your social media (e.g. your pet’s name, or the year you were born).
- Limit the questions to answers that only you would know. We offer a standard set of questions that wouldn’t be obvious to anyone other than you, however, we would still recommend the following…
- Set up your own security questions! We offer a free-form security question option, where you can create the question and the answer. Make your questions and answers something that only you would know.
Once you have your security questions set up, this will allow Lucidity Support to verify who you are and assist with password resets free of charge!
Lucidity is also able to offer security consultation sessions for your business. We will assess your business's current security posture, and make recommendations based on our findings. Contact us to find out more.