For example, the smart phone that you are carrying around is a little computer. Think about what you can do and what is stored on a smart phone. Do you text on your phone, store pictures, handle work and personal e-mails, or keep a contact list of work colleagues and clients?
It is not just smart phones, but how many people carry around flash drives with important data, laptops for work, or now, the ever popular iPad or other tablet computer?
All of these devices are great for ease of use and availability of information, but if you work with sensitive information at the University of Louisville, you need to remember this: If it is easy for you to access, it is easy for someone else to access, as well. UofL must adhere to more than 350 federal, state and local regulations, so if data is stored on any of these devices it needs to be protected.
To ensure the sensitive information is protected, consider these questions:
- Is the data encrypted? Most regulations and contracts require data covered under the regulation to be encrypted.
- Do you forward your university e-mail to your phone? If you do, you need to make sure your phone is encrypted.
- Do you forward your e-mail or store sensitive data on a flash drive, tablet computer or laptop? If so, you need to make sure the data contained on the device is encrypted.
- Do you forward your work e-mail to your personal e-mail account? If so, the e-mail is going into an unprotected environment that would not be considered secure. Under HIPAA, FERPA and PCI, this would constitute a breach of protected personal data.
There is a common theme in the answers to those questions: Encrypt your sensitive data.
It is very important to make sure your data is protected to the fullest extent possible. Every day there is a new breach of patient, student or customer data. If the data were encrypted, there would never have been a breach. If you think data breaches and compromises are not that big of a deal, think of it this way:
The Mexican drug cartels are a $400 billion per year industry, and that is all over the front pages of the news. Cyber-attacks and data breaches are a more than $600 billion per year industry and only about 2 percent of the hackers ever get prosecuted. It is not a question of if someone will try to access your computer, but it is a question of when, so protect it.
I know computer security is always too much, until it is not enough. A couple of preventive measures can save you from months of headaches if the sensitive information is breached. Please contact UofL’s Information Security Office with any questions or concerns.
(Editor’s Note: This is the third in a series of articles for Compliance Awareness Week at UofL.)