On June 5, 2014, UVA accidentally exposed the GPA, class rankings, work experience, recommendations and other sensitive data on a large group of applicants to a Listserv. Incidents like this do not leave UVA in a league of its own; last month Columbia University was found to have exposed 6,800 patient records on the Internet, and earlier this year Indiana University let 146,000 student records loose when it accidentally stored exported data in the wrong location. At the heart of these breaches is the notion that our own misuse of sensitive data can pose as much risk to the institution as hackers do, or more. The loss of sensitive data can have an immediate and long-lasting effect on our reputation and our users’ lives. When our parents, alumni and students lose their trust in us, when they feel we cannot protect their private and personal information, they will go elsewhere. When easily avoided mistakes put their financial and personal information at risk, their trust in us is lost – possibly forever. But mistakes can be avoided when dealing with sensitive data. Simple steps can be taken to mitigate or even prevent the slippage of data through our own hands. The privacy and security of our students’ data begins with each one of us.
Predominantly, companies lose sensitive information through the accidental misplacement of data. Even the risks associated with a stolen laptop can be chalked up to the misuse of spreadsheets and scanned data. If sensitive data is never exported from its primary source, and is never stored locally on a hard drive or thumb drive, it is better protected and less likely to be stolen. If emails and attached documents don’t contain sensitive data, sending them to the wrong person(s) holds no risk – even a breached account poses a lower risk. Yet the reality is that to get our work done, many of us export data from databases into spreadsheets and share those sheets and the data they contain through email. It is these very documents and the way we share them that tend to cause the most harm.
As we shift resources into cloud services such as Gmail or Salesforce and implement new solutions for handling “big data” such as Tableau and paperless solutions like Nolij, we begin to lower the risk posed by handling data in traditional ways. This transition does not happen overnight, and even after we complete these projects there may still be a need to create documents outside these solutions. So how do we protect our students’, alumni’s and employees’ sensitive information, and ourselves? We can follow the simple guidelines outlined below and, before exporting and sharing data, ask ourselves these questions:
1. Do I really need to export this data?
Exported data is by far the easiest way to lose sensitive data. The number-one way to prevent the loss of exported data is to not export it in the first place. We tend to export data because we feel it is easier to work with. Instead of exporting the data, take the time to get to know and to learn the tools inside Banner, Nolij and Tableau, or contact ITS to help develop ways to work with data without having to export it. If you find you truly need to export data to a spreadsheet, be sure to do two things:
- Name the document something meaningful. A meaningful name can help prevent you from sharing the wrong spreadsheet.
- Password-protect the Excel spreadsheet or create it using Google Docs instead. These methods add some control over who can actually see the data if for some reason it falls into the wrong hands.
2. Do I really need to export this type of / this much data?
We often tend to export more data than we need, “just in case”. By doing so, we set ourselves up for forgetting what data we exported. Moreover, we seldom need to export sensitive data types such as Social Security Numbers, Financial Information, Medical Information, Driver’s Licenses, Passport Numbers or Academic Standings. Instead of exporting data you don’t need, limit the amount and type of data you export to exactly what you do need. If you find you need more later, export it then, not before you need it. Remember, it is never permitted to store full Social Security Numbers alongside names outside of Banner, or to store Credit Card Numbers and CVV values anywhere.
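One way to check an export against the rule above before it is saved or shared, as an added example that is not part of the original article: a small Python scan that reports which columns of a CSV export contain SSN-like values or Luhn-valid card numbers. The function names, the sample column names and the heuristic that a header containing "name" marks a name column are assumptions made for illustration; CVV values are too short to detect reliably and are not covered.

```python
import csv
import io
import re

# US SSN, dashed or bare, excluding ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-?(?!00)\d{2}-?(?!0000)\d{4}\b")
# 13-19 digits, optionally separated by spaces or dashes (candidate card number).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives among long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_export(csv_text):
    """Return which columns hold SSN-like or card-like values."""
    reader = csv.DictReader(io.StringIO(csv_text))
    columns = {}
    for row in reader:
        for col, val in row.items():
            if col is None or not isinstance(val, str):
                continue  # ragged row: extra or missing cells
            if SSN_RE.search(val):
                columns.setdefault(col, set()).add("ssn")
            for m in CARD_RE.finditer(val):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    columns.setdefault(col, set()).add("card")
    kinds = set().union(*columns.values()) if columns else set()
    # Assumption: a header containing "name" marks a column of personal names.
    has_names = any("name" in h.lower() for h in reader.fieldnames or [])
    return {
        "columns": {c: sorted(k) for c, k in columns.items()},
        "ssn_with_names": has_names and "ssn" in kinds,
        "card_data": "card" in kinds,
    }

# Constructed sample export; every value below is made up.
SAMPLE = (
    "name,student_id,tax_id,note\n"
    "Pat Example,900001,123-45-6789,paid with 4111 1111 1111 1111\n"
    "Sam Sample,900002,,no payment on file\n"
)

if __name__ == "__main__":
    print(scan_export(SAMPLE))
```

A flagged column is a prompt to drop it from the export, not proof of a violation; bare nine-digit identifiers can match the SSN pattern.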
3. How long do I need this data?
Throughout a year, month, week or even a day, some of us export several spreadsheets’ worth of data – data which, once we’re done manipulating it, we never need again. Yet we tend to keep this data, again, “just in case”. This exported data tends to build up on our hard drives, ending up in old forgotten folders, sub-directories, shared drives or even laptops, tablets, phones or personal cloud services like Dropbox! Instead of keeping this data around, be sure to delete exported data as soon as you no longer need it. If it is something that can be recreated, delete the exported data and recreate it when you need it.
4. Who needs to see the data?
Even if you are the only one who needs to see this data, never save it to your local hard drive. Each of us has a network drive and a Google Apps account. A file saved to one of these locations is less likely to be lost or stolen, especially if you use a laptop! Additionally, data stored in these locations can often be restored if it is accidentally deleted. If you do need to share the data, take a moment to think about the why, what, how and with whom.
Be sure to ask yourself why you need to share this data – especially in its current format. Can (or should) this data be shared in a different manner like an aggregate presentation, person-to-person, or through a tool such as Tableau?
Share only what the person(s) needs to see. Often we send entire spreadsheets of detailed data when all the other person ever needs to see is a summary. If they don’t need the detailed data, don’t send it! They can always ask for it later if they really need it.
Typically, we tend to share data as an email attachment. This used to be the only method available, but today there are other options. By creating your spreadsheet as a Google Doc, you can share a link to the document in an email instead of the document itself. This protects you in several ways:
- Only those with the link to the document who have been explicitly permitted to see it can open it – even if the email with the link is sent to the wrong person(s) – and you can easily “un-share” a document if and when you need to.
- You can make changes to the document and all those who have access to it can see the changes without you having to send updated attachments with each revision – with Google Docs, you can even collaborate in real-time.
- Users can view the document online without having to download the document to their laptop or a thumb drive. This keeps the data in the cloud and off other peoples’ laptops and home computers.
- You can limit who can change or update the document, as well as see a history of who changed what and when, giving you the ability to collaborate on different levels with different users on the same document.
You can also share Excel documents using Google Drive (although users can then download the spreadsheet if they so choose). When sharing the document, be sure to select the option appropriate to the level of access you wish to grant. If you decide not to use Google Drive, save the Excel document to your department’s shared folder. You can then send a link to the document’s location instead of the document itself. Your collaborators can then access the data through the VPN instead of saving it to their local hard drive or storing a copy in their email.
Finally, it only takes one fat finger to share the data with the wrong person(s). Be sure to double and triple-check the following:
- The names AND email addresses of the people in the To:, CC: or BCC: field. Names and email addresses can look very similar yet belong to different people. There may be two Bob Smiths on campus and only bEsmith is the person who should see your data, not bsmith…
- The names AND email addresses of the people in the sharing configuration of your Google Doc – be sure never to share the data with the world or entire campus unless that is what you absolutely need. Hint: you will rarely ever need to share with the world.
- That your shared document contains exactly what you need to share and nothing more.
By going through this exercise each time you work with data, you can virtually eliminate much of the risk associated with handling sensitive information. Doing so will not only help keep the University safe, it will help our students, alumni and employees live and work in a more secure world. Practicing these tips can work for areas in your personal life as well – being careful where and how you store and share personal information about yourself with financial institutions, doctors and commercial enterprises can greatly reduce the risk of your identity being stolen. Combining the tips above with using strong passwords and knowing how to identify and deal with fraudulent emails can and will make the Internet a safer, more secure place for you and Colgate!