When people think about information security, they usually associate it with computer security — something for computer people to worry about. However, many of the highest-profile information security incidents in 2005 were caused by flaws in physical security.

For example, Ford Motor Co. notified 70,000 people that their names, addresses and Social Security numbers had been taken by a thief who simply walked off with a computer. Similarly, Time Warner reported the theft of a computer tape containing sensitive information for 600,000 people.

When people think about information security, they usually associate it with computer security — something for computer people to worry about. However, many of the highest-profile information security incidents in 2005 were caused by flaws in physical security.

For example, Ford Motor Co. notified 70,000 people that their names, addresses and Social Security numbers had been taken by a thief who simply walked off with a computer. Similarly, Time Warner reported the theft of a computer tape containing sensitive information for 600,000 people. Flawed physical security practices put millions of people at risk of identity theft every year.

Whether you are a multiple listing service or association executive, broker, Realtor or other real estate professional, you personally should be concerned. If you are an agent or broker, you may store personal and financial information about the consumer and his or her family in your contact management system, in your MLS, or in a physical file. If you work at an association or MLS, you may have access to members’ sensitive personal, professional and dues payment information. Where is this sensitive information located? It’s stored in printed reports, voicemail, faxes, on computers and backup tapes, and on forms. Improving physical security in all of these areas can dramatically lower risk of information theft. For example:

Building and Work Area Security

The office should have a quality lock and a monitored alarm system. Areas that house sensitive information should be accessible only by signing in with a receptionist, and there should be no way to bypass a busy or indisposed receptionist. Non-employees should always be accompanied once they leave the reception area. Companies should screen and ideally supervise vendor and repair personnel. Non-employees should never be allowed physical access to employee computers or to the internal office network by plugging in their computer or using the wireless network. Employees should be trained to challenge unfamiliar visitors in a professional manner and to be watchful of their activities.

Document Security

Fax machines should be located in an area requiring need-to-know employee-only access. File cabinets should always be locked and in secure areas. Documents with sensitive information should never be left unattended on desktops; they should be locked in a drawer when not in use, and drawer keys should be secured. These documents should be kept no longer than needed, and should be disposed of using a crosscut shredder.

Computer Theft or Misuse

Do not leave a laptop unattended – but if you must, use a laptop cable to make it more difficult for someone to walk away with it. This is especially important when traveling. Workstations should also be cabled to furniture to deter theft. Servers and telecommunications equipment should be in a locked case – in a locked rack – in a locked room. Remember: someone with physical access can bypass even the best technical countermeasures.

Portable Electronic Media

Always store portable media such as backup tapes, CDs, disks, external hard drives and flash memory drives in a secure locked location. Encrypt data on these media if possible. Dispose of electronic media securely — always use software utilities designed to overwrite sensitive information on disks and tapes, and shred data CDs.

About keys: Even if you collect keys when employees leave, keys are easy to copy. Since it is expensive to replace locks when an employee leaves, it is done rarely, increasing security risks. Ideally, use a magnetic badge system that individually tracks those entering sensitive office areas. That way, when an employee leaves, you simply disable their badge.

Look around your office for all the places where you store sensitive information, and consider taking the above steps to protect that information. You don’t have to be a “computer person” to help protect sensitive information from misuse.

Matt Cohen is chief technologist for Clareity Consulting, an information technology consulting company for the real estate industry.

***

What’s your opinion? Send your Letter to the Editor to opinion@inman.com.

Show Comments Hide Comments

Comments

Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Success!
Thank you for subscribing to Morning Headlines.
Back to top
Hear from Realogy, Pacaso, SERHANT., Spotify, Redfin, Douglas Elliman, and 100+ more leaders at ICNY.Register now×
Limited time: Get 30 days of Inman Select for $5.SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription