Two students break into West Side Wine and Spirits
Alumnus Doug Kass to speak at commencement
NBA playoffs
Letter to the Editor
Donia Bergaoui ventures into AU
Student Senate budgets
AU highlights Jeff Sluyter-Beltrao
AU runners take over Penn
AU competes at NY State outdoor track and field championship...
Green Alfred strikes gold
Around NHL: playoff edition
Beauty and the music of the trees
Letter to the editor: In response to "CSA fasion show covera...
Johanna Moore to compete at the IHSA national championship
Editorial: Goodbye yellow brick road, for now
Keeping the Red Scare alive: The Alfies 2010
Green Tip
Response to a letter to the editor: Explication not concessi...
Letter to the editor: Kazuo Inamori School of Engineering
Hot Doggin' entertainment
Home

The Alfred Computer Guy: Keeping your data safe

By
Mike Stone
02/25/2010


Anybody who has experienced a hard drive crash or some catastrophic system failure knows about the importance of backing up their data, but how often do you think about the safety of your files in terms of “winding up in the wrong hands?”

The threat of data theft and the escalating consequences of losing client information are increasingly frightening prospects in the business world today. Hardly a month goes by without some incident report involving a stolen laptop that contained the personal records of customers, clients, patients, or colleagues.

In Apr. 2008, 1,200 participants in a National Institutes of Health study had their medical records swiped when a laptop was stolen. According to the Washington Post, this data was unencrypted, which is a violation of federal policy.

The United Food and Commercial Workers Union 555 had a laptop stolen in May 2009 that may have contained the personal information (including birth dates and Social Security numbers) of its 19,000 members, according to a letter sent out by the UFCW.

One of the more shocking incidents I was able to find involved the Oklahoma Department of Human Services. In April of 2009, they had to notify more than one million state residents that their personal data was stolen along with an unencrypted laptop. This data included names, SSNs, birth dates and home addresses from clients receiving Medicaid, child care assistance and disability benefits.

Not only is such an event serious enough to warrant termination of employment on-the-spot, but many states are now enacting legislation that holds companies and the offending persons legally liable. It’s easy to point fingers and say “Well, you shouldn’t have all that data on one system anyway” or “You should be more careful,” but the fact of the matter is that for traveling representatives of companies and institutions, yes – they often do need access to that much user data at any given time. Equally futile is the attitude of “be more careful” – you can’t stop theft entirely nor can you completely prevent the all-too-common human “whoops” factor that allows people to leave a computer in an airplane or taxi cab.

The pity is that the whole situation is so easily avoidable. How, you might ask? Well, there are a few ways, but it basically comes down to encryption.

The goal should not be the prevention of system loss, but to make the act of system loss a minor event. Sure, you or your company may feel the sting of losing a $2,000 computer and you may get your hand slapped, but there’s no reason to have a public relations nightmare, an administrative staff scramble to play damage control, and your company’s name in the newspaper.

By encrypting your data, you keep your sensitive files in a “container” under lock-and-key by your PIN or password. Think of it like the difference between a file cabinet and a safe. A file cabinet is easily accessed – even a locking file cabinet is easy to get into (which is parallel to believing your files are safe simply because you need to use your password to log into the computer).

Hardware (and to an extent, software) encryption would be more like keeping your files in a big bank vault. Even if anyone wanted to get at the files, they wouldn’t be able to and they would most likely destroy the data in the process of trying. Either way, prying eyes would never get access.

There are plenty of external hard drives and USB pendrives that are protected by hardware encryption. Apricorn makes portable USB hard drives (ranging from 250GB to 500GB) that feature a physical numeric keypad on the drive itself. Their recommendation if you forget your PIN? Perform a factory reset (which wipes the data) or throw the thing away – there’s simply no getting in.

Software encryption also works well, but can be difficult to use and administrate. A good free program called TrueCrypt is somewhat intuitive and is available for Mac and PC.

There are also encrypted drives with fingerprint scanners or other biometric security measures – I personally avoid them, as they are easily bypassed (as any Mythbusters fan might know). Stick with passwords or PINs.

The main point is that mistakes, theft, and overall data loss happen. It’s part of life in our digital age. The goal of a company and your goal as a responsible employee, student, or vendor is to make sure that the loss of a computer does not result in the loss of public trust.

Do you have any questions you would like to ask? Send me an e-mail at: stone@alfred.edu with the subject “Alfred Computer Guy.” Mac, PC, Linux, OS/2 Warp, NeXT… hit me with your best shot!