The news is filled lately with reports of hackers breaking into companies and either defacing their websites or, worse yet, stealing their customers' passwords, credit cards, or Social Security numbers. In fact, in the first month of this new year we were informed that nearly 110 million consumers had their information stolen from Target. Just last week, the University of Maryland lost 300,000 records to a hacker.
Hackers make news. Hacker stories sell papers (well, get re-tweeted). What we don’t hear about are the accidental data leaks that are potentially just as damaging as a hacked database. For example, Indiana University accidentally posted 146,000 records to a publicly accessible server. Many more can be seen here, ranging from lost USB thumb drives to stolen laptops.
The fact is that accidents happen, and regardless of the number of protections any IT department may put in place, the last bastion of security is always in the hands of the employee handling sensitive data. Here are some tips to keep in mind when dealing with sensitive data; they will go a long way toward preventing accidental or inadvertent data loss.
1. If you do not absolutely need access to sensitive data, do not access it. Ask if there are ways to avoid seeing it at all while still having the information and access you need to do your job or research. If you can’t access it, you can’t lose it.
2. Never save sensitive data outside of the application you use to access it. For instance, do not cut and paste Social Security Numbers into a spreadsheet. If you don’t have the data, you can’t lose the data.
3. Scanned documents of sensitive data (such as passports) should not be stored outside of a protected, centralized and secure content management system. If the data is not on your local computer or laptop, it is not there to be lost or stolen.
4. When possible, avoid saving any sensitive data to plain text files, spreadsheets, or Word documents (or similar). If the files get placed in the wrong folder or posted to an open server, they will be clear of sensitive data.
5. Avoid using USB thumb drives or CDs to store files with sensitive information. If the removable media is lost or stolen, it will be clear of sensitive data.
6. Do not use personal file sharing services such as Dropbox or Box.net to store or share files with sensitive information. If sharing is accidentally turned on or the file-sharing service is hacked, your account will be clear of sensitive data.
For more information or tips on how to stay secure, check out the ITS Security page at http://colgate.edu/itsecurity