OIS Security Bytes: Securing Sensitive Information

UNC’s Office of Information Systems will be posting bite-size IT Security tips for our users. As IT security concerns become more a part of our everyday life, awareness is one of our best allies. This week's edition offers tips for securing sensitive information. For more information, contact your local IT Support or chat with us at help.med.unc.edu.

OIS Security Bytes: Securing Sensitive Information click to enlarge Build secure habits.

Top Ten Ways to Secure Sensitive Information NOW

10. Delete old sensitive files.

If you no longer need a sensitive file, get rid of it! Many investigations (and breaches) involve data that was no longer needed or used. Old data puts our systems at unnecessary risk.

9. Store your data on University managed servers.

If you are not sure which server that would be for your department, or if you need assistance accessing the space, please contact your local support or OIS at https://help.med.unc.edu.

8. Do not store sensitive files on your local desktop or laptop.

Even if your computer is fully encrypted, data stored locally is at risk. Encryption protects against a stolen or lost system, but if your system becomes infected or compromised, all local data is at risk.

7. Do not store sensitive files in unapproved cloud storage.

Examples of unapproved cloud storage includes services like Dropbox, Google Docs, Sakai, etc.

6. Use Hardware encrypted memory sticks.

When storing files offline, these devices are foolproof and, if lost or stolen, are considered safe harbor.

5. Encrypt documents before sending them through email.

The campus email system is cleared for sensitive data. However, when you open an email attachment, a copy is stored on the recipient’s local hard drive.  A password on the document encrypts it and protects it from attacks on the recipient’s machine.

4. Use strong passwords on Microsoft Office files containing sensitive information.

This adds an extra layer of protection in case your Onyen credentials are compromised by a targeted Phishing message. 

3. Develop safe password habits.

a. Use strong passwords or passphrases.

b. Do not use the same password on multiple accounts.

c. Do not write passwords down.

2. Use a password manager.

Password managers are a safe way to improve your password habits.

1. If you handle sensitive information and experience unusual or unexpected activity on your computer, STOP!!!

Call 962-HELP and ask them to submit a critical Remedy ticket to IT Security reporting that you have a possible virus on a sensitive machine. Doing nothing to your machine can preserve forensic evidence and help us to more quickly determine if your data is at risk.