As noted in the article, the UBC laptop that was stolen had the hard drive encrypted. Encryption is the use of a cypher algorithm to make the contents of the drive unreadable without the deciphering key. For the last couple of years we have encrypted the hard drives of the laptops we buy for the college, however most of our older laptops are not encrypted. While encryption provides a measure of security if the laptop is stolen, it certainly is not foolproof, and there are many other ways in which data can be accessed, using technology or otherwise.
Trying to put in place technical and procedural measures so that only those who should have access to data can access it is a very large portion of the role of IT departments, ITS at MHC is no exception. No matter what we do, our efforts at security can be completely undermined very easily by thoughtless handling of data. People have busy and ever more complex lives, and spending time worrying about data protection is seldom a priority. However, it is prudent to take a steps to protect our own, our students, and our colleague’s personal information.
The following are examples of things people often do that pose a real risk of compromising security and exposing personal information:
- Sharing passwords
- Housing student personal information on home computers
- Carrying information on unencrypted USB devices (i.e. memory sticks)
- Letting family and friends use a college owned computer
- Storing college data on non-college owned or authorized systems.
This can be unwittingly done by using online backup services like Barracuda, MobileMe, Symantec backup, or IDrive.
- Posting student grades to non-college owned systems.
Yes, people do this! Many learning resource providers offer online grade books that instructors can set up for their students to access. In doing this you are handing student’s personal data over to some corporate entity. At MHC we have a wonderful Blackboard system that can be used to post marks online for students, and all students can access their final grades through the student portal.
- Using a local administrator account on a computer.
If the computer gets hacked or infiltrated by a virus or other malware, the malware or hacker will inherit the security context of the user account it is using at the time of the compromise. If the virus is running on an administrator account, the malware or hacker can alter the computer registry, load and change programs, and adjust settings much easier than if the computer was logged in with a general user account.
As always, with any IT related question or concern feel free to contact the IT Support Centre. They can advise and assist you in the use of the MHC computing environment.
If you are
interested, read through other articles and websites related to information and identity security linked to
below.
Best Practices for Keeping your Home Network
Securehttp://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf
10 Immutable Laws of Security
http://technet.microsoft.com/library/cc722487.aspx
Royal Bank, Preventing Identity Theft
ttps://www.rbcadvicecentre.com/how-to-protect-yourself-from-identity-theft