Cyber Awareness Month: protecting sensitive data, reduce breaches
By Melanie Richardson
MUSC President Dr. David J. Cole signs his pledge to follow good cyber security practices. photo provided
At MUSC, protecting sensitive information is crucial to the success of our organization. Sensitive information, such as credit card numbers, social security numbers, names, addresses, telephone numbers and strategic corporate data, is valuable and could have profound implications for the organization, as well as its employees and patients, if it were to be lost or stolen.
Data breaches can cause MUSC to expose Protected Health Information, which would result in a HIPAA violation for the improper release of information. These types of violations carry stiff penalties, legal fees and a loss of trust from the public we serve.
Ways data breaches can occur:
- Falling for a Phish — Being tricked by a phishing email will allow a hacker into your email, thereby giving them access to any sensitive data contained anywhere in your email. Stolen passwords, typically gathered through phishing, account for nearly half of all data breaches.
- Inappropriate Data Storage — Sensitive data should be stored only on MUSC–managed network drives or protected repositories and should only be accessed as authorized. Sensitive data should not be stored in the places listed below:
  - Local Computer/Laptop Drives (Without encryption) — Storing sensitive data on your local computer drive can lead to a data breach if your computer/laptop is ever lost, stolen or infected by a virus.
  - Unapproved Cloud Services — Currently, the only cloud–based storage system approved for data storage at MUSC is Box (web address: musc.box.com).
Best places to store sensitive data:
- First Choice — Protected MUSC repositories, such as Epic or Oacis.
- Second Choice — MUSC–managed network drives, such as the I, N, or U drives.
- Third Choice — MUSC email, but only as temporary storage and only the minimum amount of data needed to perform your job. Once you don’t need it, delete it.
- Last Resort — End–user devices with encryption. Sensitive data should not be stored on end-user devices such as laptops or thumb drives unless there is an unavoidable business reason to do so. If this is the case, then you need to have encryption enabled, and you should only keep the minimum amount of data needed. Once you don’t need it, delete it.
For information, visit http://BeginsWithMe.musc.edu or visit one of the Information Security Awareness Pledge Centers around campus to sign a pledge committing to follow good security practices.
Nominate a “Security Mentor” champion for a chance to win a $20 cafeteria or Starbucks gift card. Submit to firstname.lastname@example.org before Oct. 24.