“People are living in an unprecedented condition,” shares the 2014 Pew Research Report on The Future of Privacy, “of ubiquitous surveillance.” And, although we are now in 2016, did you know that 2014 was known as the Year of the Hack, according to CNet?
“The tone was set in January as we learned details about the Target credit card breach, along with a Snapchat hack that revealed millions of user phone numbers,” shared CNet. Safeguarding sensitive data has grown even more important. Since then, there have been many more hacks, including the Sony Pictures Entertainment hack, which stopped the release of “The Interview;” perhaps we should be grateful for that. Of greater concern, though, is the loss of student and staff personally-identifiable data (PII).
The loss of PII is signaled by facts like the following:
- 97% of stolen computers are NEVER recovered.
- Direct costs are incurred by school districts for having to notify individuals whose confidential data has been compromised, as well as notify credit agencies.
- The cost of paying for credit protection for individuals is affected.
- The school district may suffer damage to reputation.
- Staff may be disciplined or terminated, depending on the severity of the data breach.
The failure to understand how to safeguard sensitive data means that districts who suffer a data breach have no recourse; they must pay to protect against identity theft. Yet, if every staff member practiced the following tips, data could be easily safeguarded.
- Lock or log out of your computer when you leave it alone. Going to lunch? Going down the hall to the restroom? Make sure to secure your computer or device. Don’t leave it logged in, even if you’re just on your web browser checking out the lunch menu.
- Never use work email for personal purchases and/or items. Aside from being “discoverable” during public records or legal proceeding (which you may not even know is happening), you should use a different email for finances. Move your financial management to another email system.
- Use two-factor authentication for emails and other services. “Two-factor authentication is a simple feature that asks for more than just your password. It requires both “something you know” (like a password) and “something you have” (like your phone)” (source: LifeHacker). Two-factor works on sites like Google, LastPass, Apple, Facebook, Twitter, Dropbox, Evernote, Paypal, Steam,Microsoft, Yahoo (avoid them), Amazon, LinkedIn, and WordPress. This will help prevent unauthorized use of your account unless they have your username, password, AND your smartphone.
- Don’t read spam messages; delete them un-opened. Most email providers (like Gmail) have a way of marking messages as spam. But sometimes, spam slips through those filters they’ve set up to catch unwanted email. That means it’s up to you. Some spam is obvious; others are more clever.
- Access confidential data on your work device ONLY. If you work from home, make sure that you encrypt confidential data on your mobile device (e.g. laptop) for travel (yes, even for that short trip from work to the grocery store to home). If you decrypt confidential data, make sure to shred it off your computer (it’s easy to recover deleted files). Apple Macs come with “Secure Empty Trash,” and on Windows, you can use the free File Shredder program.
- Do not put unencrypted confidential data on a USB flash drive or external hard drive or CD-ROM. This is the source of many a confidential data breach!
- Secure your smartphone and remove confidential/sensitive data from your personal mobile phone after each use. Lots of folks use their smartphones to access work details. Make sure you protect that by a.) Putting a passcode on your phone, or better yet, encrypting your phone’s storage with a password; b.) Shredding data on your Android phone (get SSE app for free), or, if on iOS, useReaddle Documents (free) with a passcode and encryption, which adds another layer of protection. And finally, AVOID saving confidential data on your smartphone from your email (and any emailed confidential data should be encrypted. See Part 2 for more tips.).