Security Spring Cleaning

I noticed on Twitter yesterday that the data breach at a marketing services firm was one of the fastest trending topics. Hackers were able to steal customer emails from Epsilon. That means be on the lookout for emails asking for your account information, something companies will not ask for via email.

Fortunately, I’ve updated to a personal domain and the captured emails were old ISP-provided addresses (xxx@bellsouth.net, xxx@comcast.net, etc.) that I’m not actively using for personal email. I had a to-do pending to update all of my online accounts to use my personal domain. Fortunately, this was a spring cleaning activity I hadn’t gotten to yet.

Here’s my plan to spring clean my online security:

  1. Go to Gmail, Yahoo or any other service and set up a new account.
  2. Make the email fairly generic but easy to remember (for example, jsmithonline01@gmail.com).
  3. Make sure you add a number somewhere in the email (see last paragraph for why).
  4. Enter your primary email as the account recovery email.
  5. Optional: log in to the new email account and set up email forwarding to your primary account. You may choose to keep all the marketing spam mail in its own box, only saving order receipts. Just log in and clean out that mailbox every few weeks. You might even set up a rule to forward the emails that contain shipping information.
  6. Optional: Mac users can use the Keychain to store all their passwords for free (dated but relevant tutorial here). Or you can buy a utility like 1Password (www.1password.com) that will encrypt, create and store passwords in one place (plus supply your login info at each website).
  7. Start your inventory of major online sites. American Express and Visa typically provide a summary report by merchant. Go from your largest spend down.
  8. Go to each site, log in with your current username/password and change your email to the one you set up in step 3.
  9. While you’re doing this, change your password. I definitely recommend using a different password at each site. Here is a great article on generating a highly secure password.
  10. Log each site in a spreadsheet so you have a copy of where you’ve used this new password (if you have a Mac, use the Keychain).
  11. Now here’s the great plus. Set up a calendar reminder to change your password every 4-6 months.
  12. Finally, don’t forget to use this email going forward for new online orders. Having a paper-based (Excel) spreadsheet may help you remember this better since you’ll refer to it for passwords when you order.

Now the next time a provider notifies you about a breach, just go to your Gmail account, delete it and set up a new one with the next sequential number (jsmithonline02@gmail.com). Use the list of your sites (or the Mac Keychain, 1Password, etc.) to log in to each site and change your email. While you’re at it, go ahead and change your password at the same time.

About the Author: 

James Garvey is a Principal Consultant for MATRIX Professional Services. He has over 15 years of consulting experience working with companies like Accenture, IBM (PwC) and several software companies. He is a technology enthusiast, spending his off-hours figuring out how to make things easier to use for his clients. You can follow James on Twitter @jamesgarvey or connect to him on LinkedIn.


“Does anyone want to buy some girl scout cookies?”

We’ve all wanted to do it. Send an e-mail to all of our colleagues letting them know we are raising money or selling something for a good cause. What a great way to “reach the masses” right?

But when using e-mail at work, here is a small word of caution about the do's and don'ts. Right now, in particular, because of the time of year, I'm going to focus on just one "don't". But first I revert back to the 20th century when I was a little girl (no jokes here!)

As I remember -- many, many, MANY years ago, growing up in the Midwest when the selling season began, all the brownies and girl scouts dressed in their uniforms, grabbed their order forms, and canvassed their neighborhoods selling cookies. I, personally, loved that time of year and the challenge of competing with my friends.  There were no cell phones, no e-mail, no parents taking the order forms to work -- at least not for me. You see, my family was in the hotel business, and I remember begging my father to just put the order form at the registration desk so that the guests could order cookies. At that young age, I couldn't understand what a challenge it would be when the cookies finally arrived and we would be faced with the daunting and costly task of shipping all the cookies to those guests who lived elsewhere. But in the end, this was a door-to-door process to sell those cookies.

Coworkers are often happy, and more than willing, to help others raise money. BUT, at some point we have to draw the line and determine what is acceptable and appropriate to do at work, using our business tools, specifically e-mail, to do so. Company e-mail is intended for communicating business-related information and not for solicitation for charitable causes, selling your home, increasing cookie sales, etc.

Just like most companies, MATRIX is no different. We want to encourage and support our coworkers and their families in so many different ways, and especially by ordering those melt-in-your-mouth Thin Mints.

Employees are welcome to put their order forms and other information they want to share at their desk. Several have their child attach a hand-written note to the order form and place it in the break room or other common area.

Just like in the movie, Field of Dreams, "If you build it, they will come." If you put the information out there, they most likely will contribute, buy, or participate. Just don't, please don't, use company e-mail for solicitation purposes.

About the Author: 

Sandy Jess is the Director of Human Resources at MATRIX Resources. Her 20+ years of Human Resources experience in the staffing, software, insurance and retail industries has enriched her understanding of human nature — from the candidate, the employee and even the employer perspectives.
