Technology Advisor Blog

You need to know this before you sell or donate your old computer

Posted by Ann Westerheim on 8/28/17 1:54 PM

Privacy.jpgIf you just got a new computer you might think its a good idea to sell or donate your old computer.  Why not make a few bucks or do a good deed?  

Even if you think you've removed all your personal information, you may be putting yourself at risk.  

In this report, Dan Meinke, a professional computer investigator, bought a used computer for $50 from an ad, and then looked through the computer and found email messages, "cookies" for websites the former user visited, photographs, and even who their CPA was.  This was an eye-opener for the seller, who thought the computer had already been cleaned up by her son who was "computer savvy".  You can watch the video here.

Our advice?  Remove the hard drive and have it "shredded" by a reliable vendor.  The article mentions destroying the drive with a sledge hammer, but the safer bet is having it destroyed professionally.  (I tried the sledge hammer approach once and determined it was harder and more dangerous than it sounded!).  Most companies that handle secure paper shredding in offices can also handle secure hard drive destruction.   When we "retire" old systems for clients, we remove the drives, and then lock them up prior to secure destruction.

Tags: data security

Train Your Workforce so They Don't Get Caught by a Phish!

Posted by Ann Westerheim on 8/2/17 11:21 AM

Training.jpgThe US Department of Health and Human Services Office for Civil Rights July #Cybersecurity update reminds you to train your workforce so they don't get caught by a phish!  This statement is specifically targeted to healthcare "covered entities" but really applies to all businesses and computer users.

What is a Phish?  Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.   The emails are carefully crafted to look like the real thing, but watch out!  Users are trained to not open "suspicious" links, but what if the email looks like an important email from FedEx, your bank, or the US Post Office?  Without training, users can't tell the difference.

Periodically testing users is also needed to make sure that the training is working.  Will your users click on the link?  Run a test and find out.  Otherwise, you really don't know.

A covered entity's workforce is its front line of defense not only for patient care but also to safeguard the privacy and security of its patients protected health information (PHI).  With the growing levels of interconnected smart devices and increased use of interconnected medical record and billing systems, there has been a ten percent increase in the number of providers and health plans that have had HIPAA related security violations in the past two years.

The security rule specifically requires covered entities and business associates to create a security awareness and training program.  

You can read the full post by OCR here.

Not a healthcare organization?  Read on.  The Massachusetts Data Security Law which applies to ALL businesses in Massachusetts has very similar guidelines relating to the protection of personal identifiable information (PII).  Any combination of a name and social security number, drivers license number, bank account number, credit card number, etc MUST be protected.  

If you're concerned about cybersecurity in your practice or business, please contact us to find if you could be doing more to protect yourself.  Short of disconnecting all computing devices, these threats are here to stay, and employee education and training are a key component of cybersecurity protection for all.

Cybersecurity protection involves layers of protection AND a comprehensive training plan for users.

Tags: Cybersecurity, email scams, training

Subscribe by Email

    Most Popular Posts

    Browse by Tag

    See all tags...

    Connect With Us

    Older Blog Posts

    For older Ekaru blog posts, go to