Ready to find out more about safeguarding sensitive data? In this second part of our cybersecurity series, we will continue exploring the different aspects of safeguarding your data. (In case you missed it, you can still read the first part of this series.) Here are some steps you can take immediately to protect sensitive data at work and home:
- Encrypt ALL confidential data and personally-identifiable information (PII) at rest and in transit. (View this free tutorial). Assume that anyone can bypass district network security and that the computer on your desk, whether laptop, Chromebook, or desktop, can be worked on as if someone was sitting in front of it. Want to send an email or store data in the cloud? Encrypt the files and the message itself if it deals with confidential data or PII.
- Use a password tool to generate uncrackable passwords and change them regularly. There are many password managers, like 1Password and LastPass that are online, while others can be saved on your computer or device (e.g. Keepass). You can always use a Secure Password Generator to come up with tough ones. This sure beats writing them on a post-it note and sticking them to your computer or desk (I actually saw a desk covered in these once).
- Avoid sharing confidential data or PII with students and staff. That information can be used to create bank accounts, etc. This can also include leaving confidential data or PII on your desk at work or in your paper notebook in the car. Whether it’s digital or paper, you still have to pay for identity theft protection!
- Shred paper copies. It doesn’t matter if you are all digital if a paper copy ends up being stolen from your desk, car, or home. Shred paper as soon as possible.
- If it’s confidential or sensitive data, the website you are connecting to should have https:// as part of the URL. If not, refuse to enter the information in.
- Back up your data frequently. It’s obvious, but this is something you can easily do using tools like Dropbox and GoogleDrive. Encrypt your data first before backing it up. And back it up to different places. Maybe you back it up to Dropbox on Mondays, Wednesdays, and Fridays. On Tuesdays and Thursdays, you back it up to Google Drive. If you don’t like the cloud, get a USB external drive. Just make sure to encrypt your data, one file/folder at a time or a whole drive at a time. Just do it.
Steps to Stop Infiltration
Help protect the school district against infiltrations caused by virus/malware attacks that could begin with your computer.
- Avoid using obsolete, insecure computer operating systems. If your school district is too cheap to upgrade the computers you use, then make sure you don’t do anything personal on them. File a written request citing the need for a more secure operating system. And ask for a newer computer model with up-to-date operating system (e.g. Windows 7 or Mac OS 10.7 or greater).
- Be careful with email attachments. Don’t just automatically double-click on the attachment someone has sent you. First ask yourself, “Is it reasonable that this person sent me an email attachment? Is the email abrupt or doesn’t make sense? Does the file attachment have an EXE extension or the filename doesn’t make sense?” If the answer to any of these questions is YES, stop and scan the file attachment with your antivirus/anti-malware program (e.g. AVG, Avast are two free ones).
- Avoid phishing attacks. Just this year, I received an email from a lawyer that purported to be a GoogleDoc, but was a phishing scam (Find out more).
- Make sure your home computer is protected from viruses and malware. Anti-virus/malware software is available at no cost for personal, home use. Your district should have an enterprise anti-virus/malware solution for your work equipment.
- Add a password or WiFi key to secure and encrypt your home wireless access. It’s so easy to “sniff data packets” these days (I tried it with free tools and was shocked how easy it was) that you need to prevent unauthorized access to your wireless. (In some cases, this means upgrading your wireless router’s firmware.)
- Avoid “dodgy” sources of software or apps. These days, you can get your software/apps from approved creators/developers or somewhere else. Most of us should stick to only approved outlets for software because “somewhere else” sources sometimes result in “bonus” malware.
It’s no longer enough to rely on the benevolent protection of your school district to safeguard digital data. There are too many ways that hackers and dishonest people can access confidential information. Part of good digital citizenship involves learning how to safeguard sensitive data. Start now because the challenges will only grow the more you learn and as time progresses.