Keeping Data Safe
by Roberta Lembke
It is nearly impossible to pick up a daily newspaper and not see headlines about a company, government office, or educational organization that has lost personal data about their customers or the individuals they serve. Perhaps you have been one of the unlucky ones to receive a notice in the mail regarding the loss of your personal information. It is not a fun situation, and for some people the loss is frustrating, time-consuming, and terribly expensive. The loss of “good will” between the individual and the company that lost the information can be irreparable.
There are many things we can do to help ensure the security of the data we maintain about our students, employees, alumni, business partners, and other clients. My Top Ten tips for keeping data safe are:
- Do not keep any protected or confidential data on a laptop. Laptop theft is one of the more common ways sensitive data is stolen.
- Keep your password confidential, do not share it with others, and absolutely do not write it down and "hide it" at your desk. Never log someone else in to your account or use another person’s username and password. Many of our business systems track data changes by username. For auditing purposes, it is imperative that we know who made changes to the data. Your password is your responsibility and you will be held accountable for activities within your account and activities associated with your username and password.
- “Lock” your computer when you step away from it. This can be done by adding a password to the screen saver or using the “Lock workstation” feature in Windows 2000/XP.
- Do not store highly protected or confidential data on your computer hard drive. If your machine is stolen, the data is stolen too. Store protected or confidential data on the server. IIT backs up the central servers nightly.
- Protected or confidential data should not leave campus via a laptop, CD, DVD, floppy disk, etc. If special circumstances arise and this data must leave campus, the data must be in an encrypted format. IIT staff can help you encrypt the data.
- Social security numbers should never be used as unique identifiers, nor should they ever be stored on a desktop or laptop hard drive. IIT is working to purge all social security numbers from our systems except where it is absolutely necessary. You should verify that you do not have social security numbers in any of your data files. You should also make sure that you don’t have paper documents with social security numbers.
- Word and Excel have options to password protect files. You should consider this for highly sensitive files. Please note that it is difficult to crack these passwords, so be sure to set the password to something you can remember.
- Never set your browser to remember your username and passwords for websites. You should also turn off the “autocomplete” feature in your browser.
- Do not store credit card numbers on your hard drive. If you must keep them, store them on the server and put a password on the file.
- E-mail can be a security risk. Never send any protected or confidential data via e-mail or open an attachment you weren’t expecting. If you do have to send protected or confidential data via e-mail, IIT can help you set up PGP or another appropriate security system.