Working at Home or On the Road — Keeping Information Safe

by Roberta Lembke

Laptops have made it possible for many employees on campus to do their work from home, at a meeting site, or in a hotel room.  This has greatly increased the efficiency of campus operations.  While the efficiency has increased, this new mode of work has also opened up new security challenges for everyone. 

Laptop theft is one of the most common ways protected and confidential data is stolen.  You are probably familiar with organizations and business such as the Department of Veterans Affairs, Internal Revenue Service, Federal Trade Commission, Allina Hospitals and Clinics, and Fidelity Investments.  All of these organizations share a few things in common, one being the fact that each of them has been in the news because a laptop containing sensitive or private information was stolen out of an employee's car, home, or other place off-site. 

Think it couldn’t happen here?  Think again.  Last year a St. Olaf laptop was stolen.  Over 3,000 individuals had to be contacted to tell them that their private information could be in the wrong hands. 

Whenever possible, confidential or private data should never leave campus on a laptop.  If protected or confidential data absolutely must be removed from campus on a laptop, the laptop must be password protected and the data must be in an encrypted format.  IIT has recently concluded testing of encryption and will be setting up encryption on all new college-owned laptops.  Older laptops will be recalled over the next few months so we can set up encryption on them also.  If you are a laptop user, watch your e-mail for more details over the next couple of months.

If you take a laptop off campus and the laptop contains any confidential or sensitive data:

1. Ask IIT to set up encryption on your laptop before leaving campus. 
2. Password protect your files and set your screen saver password.
3. Physically lock your laptop whenever you leave it.  You should use a cable lock system to lock the laptop to a fixed object in the room. 
4. Do not leave your laptop in your vehicle.  If you absolutely must leave the laptop in the car, make sure to lock it in the trunk.  If you have a place you can secure it to with a cable while inside your truck – great!
5. Don’t  assume your laptop is safe in a hotel room.  Whenever possible, cable the laptop to something heavy in the room like a pipe.  If there isn’t a place to attach the security cable to, then, at least, put the laptop out of direct sight (in a drawer, etc.).  Also, put the Do Not Disturb sign on your door when you leave.
6. If you are taking your laptop on a plane, do not put your laptop on the conveyer belt at the security check point until the person before you has successfully passed through the metal detector.
7. Don’t carry your laptop in a “branded” bag (i.e., Apple, Gateway, etc.).  Instead consider a non-descript bag that doesn’t scream out “laptop in bag.”

If your laptop is stolen, contact the local police department immediately.  Then, contact IIT to get the critical asset information that the local law enforcement agency can use in the investigation.  IIT will also activate Computrace, a new security scanning application that is on many of the new laptops. 

If you have questions about laptop security or any data security issue, please contact me or your IIT staff representative.