Personal IT Security and Lessons from Life

We increasingly live our lives through our devices, be it PCs or PDAs. While the balance between convenience and IT security is a personal decision, IT security creates massive headaches when you’ve died – and your family has to figure out how to get to the data you may sought to protect. What could you do personally to maintain personal IT security and make things easier for your family? And what could (and should) relatives do when you die to clean up your digital life?

While IT security policies say never, ever write down your passwords, write down your PERSONAL passwords and user IDs so that family members can log in to accounts to pay bills electronically, review statements and access information. And make sure they know where this password file is, and then update it as often as you update your passwords.

Does your account have security questions? The answers to those questions may be obvious to you, but they may not be obvious to your family. Include the answers to security questions in your password information file.

Do not donate someone’s computer until verifying that you have removed all personal files from the PC, all financial software, all browser history and any other information that could be used to impersonate someone online. The last thing you need is someone picking up a cheap donor PC, opening the browser and having access to Grandma’s bank account because the user ID and password were saved to the device. In fact, after you’ve saved all the financial files, transferred all the photos and are otherwise done with the PC, go ahead and install one of the light Linux operating systems on it to wipe everything out and THEN donate the PC to charity.

If you have backups of tax filings or financial software files, ensure that this information is recorded somewhere that isn’t encrypted, locked in a safety deposit box no one can access until the will is probated or otherwise inaccessible. For example, have a USB drive with the Quicken backups in the “love drawer” where all important legal documents like wills and deeds are kept.

However, you should encrypt the USB drive that holds your financial files and personal documents so they can’t be accessed by someone you don’t want to have access to them. You don’t want a maid or caregiver being able to take a thumb drive with Mom’s tax returns and drain all the accounts.

Where applicable and practical, update the person’s social networking profile to “deceased”, “unavailable” or whatever option is appropriate. Facebook actually has the option to set up a memorial page if you don’t just want to close the account. The Wall Street Journal warns that logging onto the site as someone who has died violates the terms of service. If you do log in as that person, for the love of that person or a higher power, don’t go snooping through prior message history or post content as that person for the sake of a prank. (No one in my family actually did this.)

Start closing down online accounts to minimize the risk of theft and fraud. If the person’s Amazon account is shut down, no one can hack in and order two big screen TVs from it. Notify Blizzard Entertainment or other gaming sites that the person is dead so they won’t continue billing the credit card.

You may want to wait on shutting down the individual’s email accounts, due to how many important notices some people receive via email. Collecting the mail for three months looking for account statements to find out where someone has an account doesn’t cut it if someone receives most or all account statements online or via email. However, it may be beneficial to set up the equivalent to an “out of office” message to let those sending messages to learn that the person is deceased.

LifeHacker recommends freezing the credit reports of anyone who has died. Do this with all three credit reporting bureaus.