To access the remainder of this piece of premium content, you must be registered with Firehouse. Already have an account? Login
Register in seconds by connecting with your preferred Social Network.
Complete the registration form.
Electronic backup files should be safely stowed and laptop computers securely stored to prevent theft of the entire system. In the wrong hands, the information on a laptop may be more valuable than the unit itself. Flash drives and external hard drives should be protected as if they were cash because if stolen the results could be just as devastating. Another option is to encrypt hard drives, flash drives and laptops.
Computers with sensitive information should be dedicated for that purpose and if possible not connected to the Internet. If an Internet connection is required, use superior forms of encryption such as WPA or WPA2 for wireless devices and maintain anti-virus software in all systems.
A device we rarely consider is the copy machine. Many copy machines have hard drives that maintain copies of every image produced. Theft of this equipment could produce information of greater value than the machine itself.
A government worker recently was arrested and charged with pilfering identifying information about thousands of people and using it to steal at least $100,000 through fraudulent credit cards and computer purchases. She was a clerk-typist and simply obtained the information from documents that crossed her desk. This information was then allegedly sold to an identity-theft ring. Bogus credit card accounts were set up and maxed out before bills were sent. It was just that easy.
Federal laws further enhance the importance of the privacy of medical records, including EMS reports. This information is quite sensitive and such reports should not be left around for others to view, but should be dropped into a secured cabinet that can be accessed only by individuals with a need to do so. Not only would release of this type of sensitive information to the public expose your organization to litigation and embarrassment, but it would be a major disservice to the people you have helped.
Proper disposal of records
Finally, be careful what you do with trash. Many of the documents required to be kept by an emergency service organization must be stored for set periods, but when they are ready for disposal, be certain that they are shredded or burned. Information on the computer is just as sensitive. Did you know that deleting a file never truly deletes it? The file is only marked as deleted and remains on the hard drive until the space is re-used. When disposing of computer hardware, remove the hard drive and use a device that meets government standards to do a drive wipe or physically destroy it. The same is true for software and backup drives.
Do the best you can to protect the security of your employees, members and the public who put their trust in you every day. Take all precautions possible and be certain your organization is properly insured in case the worst happens. Whether your department is in a big city or a rural area, security has become a whole new ballgame.
Bill Tricarico, CSC
Senior Risk Management Consultant
Insurance Program (ESIP)
The writer served for more than 25 years with the North Bellmore, NY, Fire Department, holding positions including chief, commissioner and safety officer, and was fire commissioner for the City of Cortland, NY. Also, for 40 years, he has been a risk-management consultant to the emergency services. He is certified as a Workplace Safety and Loss Prevention Consultant and Certified Safety Consultant (CSC) and serves on two NFPA Technical Committees.