Medword & BBB Information:
ID Theft & The Internet

Part of Medword's product shipping policy is to ship only to the credit cardholder's verifiable billing address. If the order is for someone else, you will have to forward the purchase to them. Medword ships only to a cardholder address because your card may have been stolen, or the number may have been recorded by a dishonest retail person at a location where you used your card previously, or you may be a victim of personal identity theft. By shipping products only to the cardholder's verifiable billing address, thieves cannot benefit from crime.

The information below is copyright BBBOnLine. For more On This Issue From the Better Business Bureau, including information for consumers, Medword Urges You to please click on this link: More »

Information For Businesses - In the Virtual World

A good deal of the advice we're already provided for consumers can apply equally well to small and medium sized businesses. You can review that information by clicking here.

That said, businesses face a number of special challenges that most consumers do not. Many more businesses than individual homeowners make use of networked computers. High-speed, "always on" Internet access is still much more common in businesses than in homes. In a home, a very few, trusted individuals have access to the computer(s); in most businesses, dozens, hundreds, perhaps thousands of employees have access.

At the very least, the following basic security measures should be in place to help guard your business computer system(s) against would-be attackers:

• Limit Access. Make sure your computer server(s) are placed in a secure location, with a controlled environment. Limit access to a few trusted employees whose duties include responsibility for the computer system. Mission-critical data (such as payroll records, customer data, etc.) should be available to employees on a "need-to-know" basis, separately password protected and, if possible, encrypted.

• Passwords. Use a password protection system for authorizing network log-ins. Avoid using simple passwords; instead they should use cryptic phrases that combine numbers, upper and lowercase letters. The system should require all users to change passwords when they first log on and then regularly thereafter (at least every 90 days). The system should "lock out" prospective users if they fail to enter the correct password three times in a row. Click here for more information from the Department of Homeland Security.

• Virus Protection. Install anti-virus protection software on all of your computers. Scan your computer systems for viruses on a regular basis. Never disable antivirus software, and check frequently with your software provider for virus updates. Consider using the "automatic update" features found in most anti-virus programs to keep the virus definitions up-to-date. Click here for more information on viruses.

• Firewalls.Equip your computers with firewalls, which can be purchased at most computer stores nationwide. Firewalls are gatekeepers - created through hardware and/or software - that protect a computer (or computer network) by shutting out unauthorized people and letting others go only to the areas they have privileges to use. Firewalls should be installed at every point where the computer system comes in contact with other networks - including the Internet, a separate local area network at a customer's site, or a telephone company switch. And, check to make certain your Internet Service Provider has filters to help keep out intruders.

• Download and install security "patches." Most software vendors release updates and patches to their software to correct bugs that might allow a malicious person to attach your computer. Check your software vendors' web sites for new security patches and download and install them on a regular basis. Or you may choose to use the new automated patching features that perform these tasks for you. Click here for help from GetNetWise.

• Back up your computer data. Back up your computer data on a regular basis, at least weekly. Small amounts of data can be backed up on floppy disks and larger amounts on CDs. If you have access to a network, save copies of your data on another computer in the network. Make sure your employees know to do weekly backups of all their important data.

• Regularly check for suspicious activity. Almost all firewalls, encryption programs, and password schemes include an auditing function that records activities on the network. Businesses should regularly check logging data and audit trails to look for unusual or suspicious activity.

• Be aware of file-sharing risks. Your computer operating system may allow other computers on a network, including the Internet, to access the hard-drive of your computer in order to "share files." This can lead to virus invasions or competitors being able to look at the files on your computer. Unless you really need this ability, turn off the file sharing. At the very least, do not share access to your computer with strangers! If you'd like a video explanation from GetNetWise, click here for either a broadband or 56K dial up version.

• Educate your employees. Develop and enforce a company-wide computer and physical security policy, one that instructs employees:
  • Not to open e-mail from unknown sources,
  • What to do when they receive suspicious e-mails (when in doubt, delete!),
  • To disconnect from the Internet when not online,
  • To consider the risks of file-sharing,
  • How to perform data back-up procedures
  • Actions to take if their computers become infected.
  Brief employees and management regularly on these policies, new security threats, corrective measures and incident reporting procedures.

• When an employee leaves. Make it a rule that your organization must remove a departed employee's network access immediately. You may also want to disconnect that employee's terminal from any form of external access (such as a dial-up modem connection).

In addition, you may want to consider purchasing encryption software. Even if an intruder manages to break through a firewall, the data on a network can be made safe if it is encrypted. You can purchase stand-alone encryption packages to work with individual applications, in addition to good encryption software that is in the public domain.

The above ID theft information from the Better Business Bureau is just another example of why Medword most strongly recommends that all medical transcriptionists use encryption in their e-mails, especially when the content of that message may be confidential patient or customer information. Medword reminds you that in the U.S. this type of safety measure is required by law under the U.S. Federal HIPAA Legislation whenever exchanging health-care information. In Canada, security of patient or customer information is required broadly under the British Common Law of confidentiality, Federal and Provincial laws regarding the keeping of records by businesses, and specifically by acts of legislation in some Provinces, such as British Columbia. Even putting legal requirements and responsibilities aside, the easiest way for any business to approach this topic is to think how you would feel if your own health or other personal information was easily available to anyone and what might be done with that information.