Many websites place their forms on pages that are not secured against evesdropping. Check to make certain you are entering your login information or purchase information on a page that has SSL security enabled. Otherwise, someone else may be able to read that information as it sent across the internet. Read more...
Physical Security for mobile devices
Smartphones like the iPhone, Treo or Blackberry are really small networked computers. They run programs and can store thousands of documents in memory. If stolen, an unsecured smartphone could grant access to your private information: email correspondence, address books, and any unsecured documents.
Fortunately, there are steps you can take to minimize the risks should you lose your smartphone through accident or theft. In short, losing a smartphone could be as big a security problem as losing a laptop.
- Never leave a smartphone unattended, even for just a minute. Make it a personal habit to keep the phone closed at all times.
- Use passwords whenever possible to protect your privacy if your phone is lost.
- Use passwords on any important documents that you keep on your cell phone. Your grocery list doesn't need a password, but you don't want confidential information in the hands of a thief.
- Keep only the documents you really need on your smartphone, and remove and archive older files you don't actively use anymore.
- Never allow your cell phone software to automatically supply a password for you. If you do, it means that anyone with your phone can access your accounts.
- Regularly review and discard data on your device that you will not be actively using for current work.
- Use "open" public wireless networks cautiously. Identity thieves increasingly monitor these unsecured networks in airports or other public places, looking for credit card or personal information sent "in the clear" without VPN or SSL protection.
- If you use your device for email messaging, be sure you choose a phone that supports SSL/TLS security and that has support for wireless VPN networking.
Everyone must immediately report all incidents that may involve a potential breach of ePHI such as a loss or theft of a computer, smartphone, or thumb drive that might contain ePHI to the HIPAA Security Officer hotline. Call: 203.432.3262 to report potential breaches.
See the ITS resources below for more information on obtaining and using these types of devices at Yale: