Home Cybersecurity Safeguarding Sensitive Data: Part 1
Cybersecurity

Safeguarding Sensitive Data: Part 1

by Miguel Guhlin
written by Miguel Guhlin
cybersecurity

“People are living in an unprecedented condition,” shares the 2014 Pew Research Report on The Future of Privacy, “of ubiquitous surveillance.” And, although we are now in 2016, did you know that 2014 was known as the Year of the Hack, according to CNet?

“The tone was set in January as we learned details about the Target credit card breach, along with a Snapchat hack that revealed millions of user phone numbers,” shared CNet. Safeguarding sensitive data has grown even more important. Since then, there have been many more hacks, including the Sony Pictures Entertainment hack, which stopped the release of “The Interview;” perhaps we should be grateful for that. Of greater concern, though, is the loss of student and staff personally-identifiable data (PII).

The loss of PII is signaled by facts like the following:

  • 97% of stolen computers are NEVER recovered.
  • Direct costs are incurred by school districts for having to notify individuals whose confidential data has been compromised, as well as notify credit agencies.
  • The cost of paying for credit protection for individuals is affected.
  • The school district may suffer damage to reputation.
  • Staff may be disciplined or terminated, depending on the severity of the data breach.

The failure to understand how to safeguard sensitive data means that districts who suffer a data breach have no recourse; they must pay to protect against identity theft. Yet, if every staff member practiced the following tips, data could be easily safeguarded.

  • Lock or log out of your computer when you leave it alone. Going to lunch? Going down the hall to the restroom? Make sure to secure your computer or device. Don’t leave it logged in, even if you’re just on your web browser checking out the lunch menu.
  • Never use work email for personal purchases and/or items. Aside from being “discoverable” during public records or legal proceeding (which you may not even know is happening), you should use a different email for finances. Move your financial management to another email system.
  • Use two-factor authentication for emails and other services. “Two-factor authentication is a simple feature that asks for more than just your password. It requires both “something you know” (like a password) and “something you have” (like your phone)” (source: LifeHacker). Two-factor works on sites like Google, LastPass, Apple, Facebook, Twitter, Dropbox, Evernote, Paypal, Steam,Microsoft, Yahoo (avoid them), Amazon, LinkedIn, and Wordpress. This will help prevent unauthorized use of your account unless they have your username, password, AND your smartphone.
  • Don’t read spam messages; delete them un-opened. Most email providers (like Gmail) have a way of marking messages as spam. But sometimes, spam slips through those filters they’ve set up to catch unwanted email. That means it’s up to you. Some spam is obvious; others are more clever.
  • Access confidential data on your work device ONLY. If you work from home, make sure that you encrypt confidential data on your mobile device (e.g. laptop) for travel (yes, even for that short trip from work to the grocery store to home). If you decrypt confidential data, make sure to shred it off your computer (it’s easy to recover deleted files). Apple Macs come with “Secure Empty Trash,” and on Windows, you can use the free File Shredder program.
  • Do not put unencrypted confidential data on a USB flash drive or external hard drive or CD-ROM. This is the source of many a confidential data breach!
  • Secure your smartphone and remove confidential/sensitive data from your personal mobile phone after each use. Lots of folks use their smartphones to access work details. Make sure you protect that by a.) Putting a passcode on your phone, or better yet, encrypting your phone’s storage with a password; b.) Shredding data on your Android phone (get SSE app for free), or, if on iOS, useReaddle Documents (free) with a passcode and encryption, which adds another layer of protection. And finally, AVOID saving confidential data on your smartphone from your email (and any emailed confidential data should be encrypted. See Part 2 for more tips.).

Read Part 2 now!

 

Transforming teaching, learning and leadership through the strategic application of technology has been Miguel Guhlin’s motto. Learn more about his work online at blog.tcea.org, mguhlin.org, and mglead.org/mglead2.org. Catch him on Mastodon @mguhlin@mastodon.education Areas of interest flow from his experiences as a district technology administrator, regional education specialist, and classroom educator in bilingual/ESL situations. Learn more about his credentials online at mguhlin.net.

You may also like

The State and Local Cybersecurity Grant Program (SLCGP)

TCEA Responds: Securely Back Up and Encrypt Data

Encrypt and Protect Sensitive, Confidential Data

13 Security Browser Extensions and Sites You May...

Hacktivate: Cybersecurity for Grades 6 and Up

Six Simple School Cybersecurity Tips You Can Implement...

Have You Been Involved in a Data Breach?

TCEA Announces Network Security Course

Three Cybersecurity Priorities for Schools and Districts

How to Become a Certified Cybersecurity Professional

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

You've Made It This Far

Like what you're reading? Sign up to stay connected with us.

 

 

*By downloading, you are subscribing to our email list which includes our daily blog straight to your inbox and marketing emails. It can take up to 7 days for you to be added. You can change your preferences at any time. 

You have Successfully Subscribed!

By subscribing, you will receive our daily blog, newsletter, and marketing emails.