
Tagged with: security

Laptop Encryption & Backup

On March 1, 2010, Massachusetts Identity Theft legislation will require securing portable electronic devices which have personally identifiable information (PII) on them. The law is specifically written to protect information such as Social Security Numbers and bank or credit card information, although colleges like Williams are also required to meet FERPA and HIPAA regulations (which cover things like student grades and health information).

The two common ways to protect information are to make it unavailable to a thief (don’t carry personal information around on your laptop) or to encrypt the information (so that even if the laptop is stolen, the data is unreadable).

Since it is difficult, if not impossible, to guarantee that no personal information exists on a laptop, or in the email of a laptop owner, Williams is choosing to encrypt laptop hard drives, starting with departments who commonly work with personal information.

Laptop data will be safe, even if the machine is stolen.


The program we have chosen is called TrueCrypt, which allows for full disk encryption of Windows laptops, meaning every piece of information on the laptop is encrypted, including the operating system and programs.  This saves the owner from having to worry about saving personal information files into a special encryption folder.   We are currently looking at Mac encryption options.

Since the whole idea behind encryption is that it requires a password to unlock, there is a danger that if an owner forgot their password, then the data on the drive would become inaccessible. Also, any problem with a laptop drive, like corruption due to a jolt or fall, would prevent data recovery specialists from retrieving any data.  Due to these risks, OIT is also implementing a full network backup system for any laptops which are encrypted.

Laptops are not the only devices to be concerned about – USB thumb drives and smartphones may also need to have security measures added to them.

If you have any questions about personal information security, we encourage you to attend one of the monthly OIT workshops.

If you work in a department that handles personal information, and you have a laptop, OIT will contact you to set up a schedule for implementing the encryption and network backup before March.

Edition: Fall 2009 | Department: Desktop Systems

Security Questions

The Office for Information Technology has released a new password changer with a different look and a “forgot my password” feature. The first time you use the system, you will be asked to provide answers for the six “Challenge Response” questions. The idea is that only you will know the answers to these questions. Capitalization does not matter, but spaces do. So if an answer is ‘New Orleans’, then ‘new orleans’ or ‘New orleans’ will work, but ‘neworleans’ will not.

Your responses can be used later to reset the password in case you forget it, or if your password expires before you have a chance to change it. This should reduce the need for support desk intervention if your password expires. Instead, you can click the “Forgot Password?” link. You will enter your username and then be presented with two of the six Challenge Questions (selected at random). If you are able to answer both correctly, you will then be able to choose a new password.

This is just a new feature – the function of the password changer is the same. If you have not forgotten your password, then you simply log in and choose a new one, just as before. You can change your Challenge Questions responses at any time after logging in by selecting the “Password Challenge Response” link. Uncheck the “Use Stored Response” box and you can then enter new values.

As to how the six questions were chosen – that was a long and difficult process. No six questions could satisfy the entire campus fully, so they were chosen to work with the largest possible community base. Remember that the first time you set up your questions, you do not have to answer them correctly; you just have to remember what you answered. For example, one of the questions is “Who is your favorite teacher?” You may not have a favorite teacher, but you could put in Mark Hopkins or Socrates or Britney Spears as long as you can remember that was your answer.

Edition: Spring 2009 | Department: Desktop Systems

Information Security

Do you work with information about people, whether they’re students, faculty, staff or others? If so, you should consider taking the workshop on Personal Information Security offered by OIT. This workshop serves as an introduction to the laws protecting personal information, what these laws mean to us here on campus, and how to protect your own personal information and that of other people in the connected world in which we live and work.

To sign up, visit our workshops page.
Here is the short list of state and federal laws that require the College to protect the personal information we collect and use, which you will be introduced to:

FERPA (Family Education Right to Privacy Act)

Protects student educational records

HIPAA (Health Insurance Portability and Accountability Act)

Protects personal medical records and payment history

GLB (Gramm-Leach-Bliley Act)

Protects personal financial information

Massachusetts Identity Theft Law

Protects personal financial information

PS: To get a sense of how many personal information security breaches have occurred in the past few years, visit privacyrights.org.