Cyber Awareness Month: protecting sensitive data, reduce breaches
by Melanie Richardson
At MUSC, protecting sensitive information is crucial to the success of our organization. Sensitive information, such as credit card numbers, social security numbers, names, addresses, telephone numbers, and strategic corporate data, has profound implications for the organization, its employees, and its patients if it is lost or stolen.
Data breaches have the capability of causing MUSC to expose Protected Health Information (PHI), resulting in a HIPAA violation for the improper release of information. These violations carry stiff penalties, legal fees, and a loss of trust from the public which we serve.
WAYS DATA BREACHES CAN OCCUR:
Falling for a Phish – Being tricked by a phishing email will allow a hacker into your email, thereby giving them access to any sensitive data contained anywhere in your email. Stolen passwords, typically obtained through phishing, account for nearly half of all data breaches.
Inappropriate Data Storage – Sensitive data should be stored only on MUSC-managed network drives or protected repositories, and should only be accessed as authorized. Sensitive data should not be stored in the places listed below:
BAD PLACES TO STORE SENSITIVE DATA
- Local Computer/Laptop Drives (Without encryption) – Storing sensitive data on your local computer drive can lead to a data breach if your computer/laptop is ever lost, stolen, or infected by a virus.
- Thumb Drives (Without encryption) – Thumb drives (flash drives, jump drives) pose an even greater risk of a data breach because they can be easily lost or stolen.
- Unapproved Cloud Services – Currently, the ONLY cloud-based storage system approved for data storage at MUSC is Box; the web address is musc.box.com.
BEST PLACES TO STORE SENSITIVE DATA
- First Choice – Protected MUSC repositories, such as Epic or Oacis
- Second Choice – MUSC-managed network drives such as the I, N, or U drives
- Third Choice – MUSC email, but only as temporary storage and only the minimum amount of data needed to perform your job. Once you don’t need it, delete it.
- Last Resort – End-user devices with encryption. Sensitive data should not be stored on end-user devices such as laptops or thumb drives unless there is an unavoidable business reason to do so. If this is the case, then you need to have encryption enabled, and you should only keep the minimum amount of data needed. Once you don’t need it, delete it.
For more information, please visit BeginsWithMe.musc.edu or visit one of the Information Security Awareness Pledge Centers located around campus. At the centers you can also sign a pledge promising to follow good security practices.
If you know a champion of good cyber security practices, please nominate them as a “Security Mentor” for a chance to win a $20 Cafeteria or Starbucks gift card. Send nominations to firstname.lastname@example.org before Oct. 24.
October 23, 2014