Protecting Sensitive Data
The information age has created an explosion of information and an abundance of access to it. If you are doing personal business or acting on behalf of the college, you are likely handling sensitive information on a regular basis. Cyber criminals have created an industry to target that information and monetize it for quick financial gain. The risks to us as individuals and as an institution have never been greater. Fortunately, there are some simple steps that we can take to protect ourselves and the students that we serve.
What data is sensitive?
There are a number of factors that impact the sensitivity of data. Typically, the sensitivity of data is directly proportional to the amount of harm that can come if that data is exposed to unauthorized individuals. That harm can come in the form of identity theft, financial loss, reputational loss, invasion of privacy, etc.
Social Security Number, credit card number, bank accounts, driver’s license, health information, student information and computer passwords are examples of highly sensitive data types that can cause significant harm if improperly handled or exposed.
For more information about data sensitivity and classifications, please review the College Data Classification IT Security Compliance Standard.
How do I protect it?
First, you need to find the sensitive information, then determine if you need to keep it. If you don’t need it, then you need to securely dispose of it. If you need to keep it, then you need to protect it.
The first step to protecting sensitive information is to determine where it is. Sensitive data can be stored on computer hard drives, mobile devices, thumb drives, and cloud storage areas, which can easily be searched, but it may also be found in harder-to-search locations like web browser caches.
The college licenses a tool named Identity Finder that can scan your computer for sensitive data and then help you remove or secure it. This tool is accessible on college computers and free for Montgomery County Community College students to use on their personal devices.
Also, check your paper files for sensitive data.
Delete It! (if you don’t need it)
Once you have found sensitive data, the first question you need to ask is “Do I need this?” If the answer is no, then you need to securely remove the data. If in paper form, use a cross-cut shredder to protect against a lucrative form of trash picking known as dumpster diving.
If in electronic form, use a secure deletion utility. Moving the document to the operating system trash or recycling bin is NOT sufficient. Identity Finder has an option to securely delete, and you can consider one of the following tools.
These tools are designed to irretrievably erase data, so use caution when utilizing these tools.
- Killdisk - http://www.killdisk.com/ (Windows or Linux)
- Darik’s Boot & Nuke - http://www.dban.org/ (Windows, OS X, Linux)
- SDelete - https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx (Windows)
- Disk Utility - http://support.apple.com/kb/PH5849 (OS X)
Once you determine that you have sensitive information that you need to keep, you should store it safely.
For paper documents, lock them in a drawer or filing cabinet. DO NOT leave them out on your desk.
When printing, use the secure print function that allows you to send documents to the printer that will not print until you go to the printer and enter a PIN.
For electronic data, ENCRYPT…ENCRYPT….ENCRYPT. There are numerous device types and methods for encryption that we can’t concisely cover here. We’ll cover a few, but please reach out to the IT helpdesk if you have a question about how to encrypt data on your device.
****SPECIAL NOTE**** Like the lock to your car or home, digital encryption relies on a key. Without the key you can’t get in or access the data. In many instances this key is implemented in the form of a password and the strength of the protection relies significantly on the strength of the password. Use strong and unique passwords for encryption. Consider referring to our password best practices for additional guidance.
Protecting Microsoft Office Documents —
GNU Privacy Guard - https://www.gnupg.org/ (Windows, OS X, Linux)
VeraCrypt - https://veracrypt.codeplex.com/ (Windows, OS X, Linux)
7-Zip - http://www.7-zip.org/ (Windows, OS X, Linux)
Hard Drive Encryption
FileVault - http://support.apple.com/en-us/HT4790 (OS X)
Android - https://kb.mc3.edu/article.php?id=295