Summer 2015 | NCRWA.COM
DISCRIMINATE THE RIGHT WAY

Are you accepting credit and debit card payments? Do you transmit bank draft data on your computer? Keep payments on a separate computer network from other things you do, like SCADA, which is often minimally protected. You wouldn’t run finished water and wastewater in the same pipe, would you? In fact, consider not using wireless at all for anything that credit card or check data travel on. There is no substitute for the security of the hard-wired, directly-connected cable from your computer to the internet connection in your back-office closet.
        
        
THE BIG SECRET – BANK ACCOUNTS

I am constantly amazed at how no one talks about the security of bank account numbers in utility business offices. Credit and debit cards have PCI Compliance standards, but there is no mention of a standard of protections for routing and account numbers. Here’s a scenario: a list of credit cards was stolen from your office last week. That’s bad. But what if it were a list of bank account numbers? Wouldn’t that be a whole lot worse? Think about it. Your customers would now have to take off work to go to their bank in person, close their account, open a new account, order (and pay for) new checks, redo all their online bill pay, and hope their bank balances remained intact. What a customer relations mess you would have – and these are likely your best, on-time customers who trust you with their bank draft info. How will they feel about you now?
        
        
AVOID WIRELESS LEAKS

Wireless internet access is very handy, letting you get into your computer network easily with just a username and a password. However, easy for you also means easy for a bad guy near your office to get in, too, if he can guess your username and password. If you must use wireless internet in your office, consider a policy of only allowing certain people to have wireless access. Think about what info they can see over that wireless network. Linksys and Belkin make 2-channel routers that give you two wireless networks from one router box. Consider making one or both of these networks “non-broadcasting” – so people outside your building cannot see the name of your network. These 2-channel routers are easily available and cost as little as $80. Consider one channel for certain data you send and receive (perhaps SCADA access) and the other channel for other types of data (such as office management access). Make sure your wireless has WPA2-level encryption – with a really good, long, ugly password.
        
        
WHO’S GOT YOUR DATA?

Consider how you are storing sensitive numbers and information. They are on your computer. And they are likely backed up somewhere else, too. Is your computer protected with encryption? With a password? Is this computer always connected to the internet 24 hours a day? Bad guys are usually working “normal office hours” when we all sleep at night. Are they planning to siphon off your unprotected customer data at 2 am your time tonight? What about your on-site or off-site backups? How protected are they? Has that vendor given you something in writing about how they protect your data on their backup system?
        
        
LOCK UP

Do you have one or two people assigned to make sure all the doors are locked at the end of the day? Have you checked the windows lately to make sure they are secure? Is someone else assigned to make sure your work vehicles are secured each day? Police will tell you that nearly half of all vehicles stolen are unlocked – and half of those have the keys left IN THEM! Why be an easy target?

Tools, purses, wallets, and anything you don’t want walking off should be kept out of sight and locked up – in a locker, in a desk, or a secure closet. Apply this same idea to your technology and your “computer room”: always locked up and out of sight.
        
        
PROTECT YOURSELF WITH A WRITTEN POLICY

Written policies are great tools – if you have them – and actually use them. Remember your Red Flag Rules policy from 2010? Pull it out, dust it off, and consider adding some language to it that mentions handling of credit card and bank account numbers. If you haven’t already, include a few words