A recent conversation I had with one of my acquaintances set me thinking about security in any organization. We were discussing a large business both of us were familiar with, when their unique approach towards security came up in the course of the conversation. Now, this is one organization where each and everyone including the staff responsible for information security are highly motivated and committed when it comes to security projects. This has a positive impact in that they are outstanding – technically and in their various operations. The security culture they have built up ensures that there is no information risk; moreover they successfully maintain a healthy and resilient work environment. At our medical records review firm, we attach high priority for security especially because we are handling extremely sensitive healthcare information. Needless to say, a strong security culture needs to be integrated into a business’s everyday thinking, decision making and functioning to stay clear of damaging security incidents. This brings me to a recent update by Social Security – the SSA has tightened security on its website.
So what’s new? Now the agency requires people to use a security code sent by text message to a cell phone, apart from a user name and password if they want to log in to a “My Social Security” account. The change came into effect from July 30 onwards. The agency has done this to protect users and also to comply with a 2014 executive order that requires federal agencies to strengthen online security. It is expected that this new security measure may be inconvenient for certain sections of Americans such as seniors. 2015 data from the Pew Research Center shows that only 78% of people aged 65 and above own a cell phone whereas 98% of people aged 18 – 20 own a cell phone. There have been mixed reactions to this update, with many people wanting the administration to revoke it. However, the SSA holds that though they do understand that not everyone has a cell phone or cell service, this is their first step in enhancing security for people and that they expect future enhancements would provide other options.
Cyber security experts advise that people should go ahead and create an online Social Security account if they haven’t done so already. Only one My Social Security account can be created per Social Security number, and by registering an account on the website they can ensure that they don’t become victims of cybercriminals.
People who don’t use a cell phone or don’t want to provide their number can for now email, call or write to the SSA or visit a local office where they can request information about their benefits or earnings statements. In case you lose a cell phone, you can request a cell phone reset code online and the agency will mail you a letter with a reset code within 5 – 10 business days. If you buy a new phone but don’t change the number, you needn’t do anything, according to the Social Security Administration.