A Lesson in the Value of Encrypting Portable Media
Recently, I prepared my company’s Quickbooks file and sent it off to McClaren & Associates, my CPA firm.
Because the file was over 30 megabytes, the best way to get it to them was to burn it on a CD and drop it in the mail. Before I burned the file to the CD, however, I encrypted the data file with PGP Desktop to form a Self Decrypting Archive. This means that the data itself becomes scrambled, and no one in the world (including even most major governments!!) will be able to unscramble it unless they have the “key”. When my CPA’s office received the CD, they would enter a password (the “key”) that we had previously agreed on verbally, and would then be able to unscramble the file and save it in a format Quickbooks will understand. This method of data protection is far beyond merely password protecting the opening of a file, and is extremely secure.
Now for the lesson: What are the chances? Wouldn’t you know it, the CD got lost in the mail and never made it to their office!?! This is a true story. Thankfully, I had the file encrypted.
Remember folks, this was my entire accounting system file, and it had all my customers’, vendors’ and employees’ information in it. Much of the data contained in the file, such as credit card numbers, bank account numbers, social security numbers, and other personnel data, is deemed personal information and is controlled by MA 201 CMR 17.00!
Wouldn’t you cringe if this happened to you and the file you sent was NOT encrypted?
Remember, even though a Quickbooks file may be password protected, it can still be opened by anyone by simply accessing Google.com and searching for a Password Cracker for Quickbooks. Also, even if the password is not determined, the personal information could easily be extracted by even a novice hacker.
Fortunately, all my customers, vendors, and employees can REST EASY. How safe are you keeping your stakeholders’ data? Do you have CDs or USB drives or even tape backups lying around unencrypted?
For more information, contact Bill Bowman or me about a free network security risk assessment and MA 201 CMR 17.00 compliance assessment to help you keep your customers’, vendors’ and employees’ data safe and sound.
-Paul
***
Paul LaFlamme
President & CEO
Centrend, Inc.
508-347-9550 x115
