Data Security Step 1: Don’t let sensitive data walk off
Do you think most exposure of sensitive data is because of hacking into computer networks?
Thousands of patient records and consumer accounts are exposed to the world every month because employees download the information onto portable disk drives, laptops or mobile devices and then lose them.
Data security these days needs to take into account the “mobility” of sensitive files as much as the security of your servers and internal network.
It’s great to make sure no one can access the files on your server by using your WiFi in the parking lot. But all of your work securing your network is useless if you have employees wandering around with the same data on flash drives in their pants pockets.
Data that can walk
Copies of sensitive data that leave the office are rampant. Consider these examples, just from this year:
• More than 14,000 student Social Security numbers and admissions files were sitting on a flash drive that was left unattended in a computer lab at Champlain College in Burlington, Vt., in June 2013.
• More than 2,000 employee records (including Social Security numbers and dates of birth) were discovered on a flash drive used by a former employee of Godiva chocolates in May 2013.
• An unknown number of patient records from the Medicare Exclusion Database, including Social Security numbers and medical diagnoses, were copied to a thumb drive, which was misplaced and could not be found at Computer Services Corporation in Raleigh, NC, in April 2013.
• More than 1,000 patient records were lost in Pennsylvania when a disk containing the records of patients with unpaid balances was mailed from one office to another in February 2013. The envelope arrived at its destination without the disk.
These are just a few of many examples of sensitive data being exposed on what we call “loose media.”
Rules sound hard. Routines are easy.
Any company that deals with patients, employees or customers is dealing with data security and needs to have a plan in place to prevent the kind of incidents listed above.
It’s tough to spend time writing up rules and procedures to govern every eventuality, especially for small and medium-sized businesses.
Instead, use that energy to work with experts. Create a secure way to transfer sensitive information from place to place. (We mean NOT having the intern copy files onto a flash drive and promise to drop them off at the other office next week.) Use an encrypted file transfer service or another approved method.
Then decide how to keep your secure data from walking out of your office.
Loose media security and destruction
It’s as easy as remembering not to walk in the house with muddy shoes.
Don’t leave the office with data.
By placing secure bins for loose media in convenient areas and having a service that destroys the data to government standards, you’ll cut down on the chances of your business being unpleasantly featured in the next round-up of data loss articles.
Employees don’t like to read and sign new policies, much less follow them. But by training staff to stop before leaving the office and think about whether they have any secure data on their smartphone, tablet, laptop or a flash drive in the bottom of their purse, you can accomplish your goals.
If your staff insists they need portable records, you need to re-evaluate how you can allow them to access such data using a secure internet connection. That will eliminate the need for them to carry around the data in their pockets.
When retiring portable devices such as laptops and smartphones, make sure you have a similarly easy system for storing the devices in a secure place until they are wiped clean. You’d hate to go to all that trouble of storing them for six months just to have them get lost on the way to the data destruction company in the intern’s car.
Onsite data destruction
For devices and loose media, including spent hard drives that have been removed from your servers, the most convenient and efficient service today is called . Offered by TechR2, a reliable, family-owned company in Columbus, Ohio, this service allows you to drop your drives quickly into a secure bin anytime you need to. TechR2’s staff will then visit your business to clean all the data from the drives before they ever leave your building.
This method, called onsite data destruction, greatly reduces the risk of your sensitive data being exposed. That’s because it never leaves your building.
That’s what good data should do.
It should never walk away.