Bits & Bytes
Editor’s note: Information Technology Support and Services offers technology tips in this column. To submit questions or suggestions for topics, contact the IT Service Desk, ext. 1-4000 or ITService@mcg.edu.
Securing portable data
The news has been filled with it lately: A laptop containing the records of 26.5 million veterans is stolen…A USB flash drive with the Social Security numbers of 6,000 students turns up missing…Thousands of private records are accidentally posted on a Web site…Confidential sections of public documents are displayed on a county Web site…
They all have one thing in common – the person responsible for the data didn’t take extra precautions to protect it.
Securing information is often thought to be difficult, intrusive, inconvenient, an impediment to progress. However, these recent disclosures have shown that we must think differently. For example, laptops and USB flash drives are portable, yet many of us still treat them as if they were desktop computers locked in an office.
Computer security is a three-legged stool – if one leg falls short, the stability of the entire system is affected. Keep in mind confidentiality – securing the data for only those who need to see it; integrity – securing the data to ensure any changes are authorized; and availability – securing the data to ensure it is available when needed.
Failing to adhere to any of these characteristics, especially on a mobile computer, creates a dangerous threat and vulnerability.
Tips for securing data on a mobile computing device: Confidentiality can be achieved only through encryption. If data stored on a laptop, CD/DVD or flash drive isn’t encrypted, it isn’t secure.
To achieve integrity, keep the operating system current with security updates. Install a personal firewall and run up-to-date anti-virus and anti-spyware software.
Achieve availability by copying important documents to a network drive. Then, if the hard drive fails or the system is stolen, the data can be easily retrieved.
An ITSS service called iFolder makes this easy. With iFolder, data put into a laptop folder designated for MCG data only is automatically backed up to a network drive. When a laptop is replaced, iFolder will automatically download data to the new computer – no important data is lost or disclosed.
The poster child for securing an MCG laptop would install software that encrypts the drive with 128-bit encryption (confidentiality); keep the laptop up-to-date with security patches, and run a personal firewall, anti-virus and anti-spyware software (integrity); and use iFolder (availability). While these tools require some set-up time, they take little time to maintain. The resulting peace of mind is well worth it.
ITSS is evaluating encryption software for laptops that will be easy to use. Stay tuned.
Mark Staples is the ITSS Chief Information Security Officer and Director of Information Security. Contact him with questions or requests for security reviews and instructional sessions in your department. Call ext. 1-1577 or e-mail mstaples@mcg.edu.
Common laptop mythsMyth 1 My
operating system is password-protected. No one knows my password, so
my data is secured. Myth 2 I’ve
placed a BIOS password on my computer that keeps anyone from getting
to the operating system. Myth 3 Data
stored on my local hard drive is backed up automatically, even
though I’ve not done anything special. The IT department handles it.
|