Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy.
The improper disclosure of sensitive data can also cause harm and embarrassment to students, faculty, and staff, and potentially harm the reputation of the Institute. Therefore, it is to everyone's advantage to ensure that sensitive data is protected.
1. Data security is fundamental
Data security is crucial to all academic, medical and business operations at MIT. All existing and new business and data processes should include a data security review to be sure MIT data is safe from loss and secured against unauthorized access.
2. Plan ahead
Create a plan to review your data security status and policies and create routine processes to access, handle and store the data safely as well as archive unneeded data. Make sure you and your colleagues know how to respond if you have a data loss or data breach incident.
3. Know what data you have
The first step to secure computing is knowing what data you have and what levels of protection are required to keep the data both confidential and safe from loss.
4. Scale down the data
Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks).
5. Lock up!
Physical security is the key to safe and confidential computing. All the passwords in the world won't get your laptop back if the computer itself is stolen. Back up the data to a safe place in the event of loss.