Securing User Data

Published on: April 18, 2013

The webcomic XKCD posted a one-panel strip that serves as a good lesson to our users, and a good reminder for administrators:

XKCD: Authorization

 

When tech directors and school admins talk about securing a laptop (or desktop, iPad, etc.), we tend to think about securing the laptop itself against misuse and mischief. We want to make sure the user can’t accidentally download a virus, mess around with other users’ settings or files, install unauthorized software, or disable hardware or features. For the most part, we think of it as a matter of our own convenience: preventing vandalism and tampering results in less downtime for the machine and, to be honest, less hassle for us.

But what about securing the user’s own data?

We send teachers and/or students home with laptops and make sure they can’t cause too much trouble, but how often do we give them advice on keeping their data safe should they lose the machine or allow someone else to use it? And when I say advice, is there training for the how and why, or is it just a list of rules they can ignore? As the XKCD illustration shows, it’s very possible a user is logged in to multiple services on their laptop, and in many cases all the thief has to do is open the lid to gain access.

Consider the following list of security measures. This is not necessarily an exhaustive list, just something off the top of my head:

  • Password-protected screen saver or lock screen (with strong password)
  • Encrypted home directory
  • Two-factor authentication (where available)
  • Logging out of critical services (credit cards, PayPal, etc.)
  • Not allowing the browser to store passwords or personal information
  • Remote block/signout of services (where available)
  • Keeping account/password recovery email and phone numbers current
  • Knowing all of your own passwords, or at least having them available! Also…
  • …Secure ways of creating and safeguarding passwords (e.g., no printouts or Post-Its)
  • Backup, backup, backup!

Now ask yourself, how many of these do you practice? How many are you even aware of? If you are a user, are you trained in any of these? If you are a tech leader, are you training your users in any of these? Do your students have any idea what they are, and how they might protect data?

I’m thinking now I might have some ideas for future professional development sessions, or at least information for technology newsletters.
