What We’re Doing About Data Security

I’d like to sell you something that you may not want.  It isn’t pretty, it isn’t particularly cheap, it can be a little inconvenient, and neither of us have much choice about it.  But you want it, trust me.  More computer security is good for you.

Over the years 2005-2011, over 543 million electronic records containing private personal information were lost, stolen, or otherwise exposed to people who shouldn’t see them.  For comparison, the total U.S. population is around 313 million, so on average everyone has been affected and some more than once.

Some incidents involved relatively harmless data like names and addresses, but many provided identity theft gems like social security numbers, credit card numbers, and user passwords.  In addition to the obvious risk for victims whose data was accessed, a breach is expensive for the organization involved.  The response costs about $200 per record, so larger incidents can easily cost millions of dollars.

UMF has never experienced a major data breach, and we’d like to keep it that way, so we’re implementing new security changes to stay ahead of the threat. Here are some of the steps we’re taking:

  • All staff/faculty computers are now issued with full hard disk encryption, so if one is lost or stolen, no private data can be accessed.  We also offer help to staff who want to encrypt their current computer.  For Mac folks with with OSX Lion, we have a blog post explaining how to protect your computer using Apple’s built-in FileVault utility, and more tutorials will be available in the future.
  • All new staff/faculty computers also have sleep or screen saver settings that lock access when the computer is not in use and require a user password to unlock.
  • UMF staff are required to pass an information security test, to ensure that they understand what needs to be protected and how best to do so.
  • We recently completed extensive risk assessments of our servers, which allowed us to identify needs and implement additional security where it will be most helpful.
  • Last year we made extensive network changes to prevent unauthorized network access to all computers that process credit card transactions.

Our current security push is part of a larger effort underway on all University of Maine System campuses.  If you’d like to know more about the new System-wide security policies and plans, visit the System’s Office of Information Security web site.

Tom O’Donnell
Senior Manager of Network and Server Systems