Contributed by Marissa Benson, Senior Systems Administrator on the Technology, Security and Risk Team, McMaster University
From financial records to meeting notes, all of us face the need to store sensitive data. As part of our third week of security tips and tricks, I wanted to share a bit of information around data storage and why it’s so critical to help you stay safe online.
Computer data generally follows a privacy classification, depending on the sensitivity of it. According to this classification, data needs to be protected during storage and even when “in transit”. For example, a researcher completing an offsite interview would need to ensure their data is protected on their bus commute back to a secured server at the university.
While it might seem obvious that personal passwords should be stored carefully — other seemingly innocuous types of data, such as meeting notes, could also be a potential security risk if stored inappropriately.
To help users better identify the types of data being handled, McMaster University uses policies and regulations to govern, regulate and control how data is stored and shared. Here are McMaster IT Security’s top tips to store your data safely and securely:
Tip #1: Be informed
It is important to be informed about the type of data that is under your control. Here are some questions to ask yourself when determining the type of data you are handling and how to best secure it:
As you are asking these questions, determine what category your data fits into, as per McMaster’s Information Storage Guidelines:
Tip #2: Place security controls on your data
Applying proper security storage mechanisms is paramount to protecting the confidentiality, integrity and availability of data. The CIA triad is a model used in the IT Security world for guiding organizations on how to best secure their assets.
Confidentiality ensures that your data is only accessed by the appropriate people. Integrity of data ensures that data remains complete and has not been modified in any way. Availability ensures that the data is available whenever it is needed.
Placing the appropriate security controls around data using the CIA triad as a guide can help you reduce the risk of data getting into the hands of the wrong people. Here are some ideas of technical controls you can apply to your data:
Importantly, the above controls should not only be used for the data itself, but also for the system(s) where the content is being stored. A vulnerable server or compromised desktop could lead to your data being exposed and could cause irreparable financial or reputational damage.
No one is immune to the misuse of data whether it be a billion-dollar corporation or a small not-for-profit organization. Following the steps above will help prevent your data from getting into the wrong hands. Just remember: a well-thought-out storage security plan minimizes the risk of your data being exfiltrated, modified or corrupted.