Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy.
The improper disclosure of sensitive data can also cause harm and embarrassment to students, faculty, and staff, and potentially harm the reputation of the Institute. Therefore, it is to everyone's advantage to ensure that sensitive data is protected.
1. Data security is fundamental.
Data security is crucial to all academic, medical, and business operations at MIT. All new and existing business and data processes should include a data security review. This ensures MIT data is safe from loss and secured against unauthorized access.
2. Plan ahead.
Create a plan to review your data security status and policies and create routine processes to access, handle, and store the data safely. Archive unneeded data. Make sure you and your colleagues know how to respond if you have a data loss or data breach incident.
3. Know your data.
The first step to secure computing is knowing what data you have and what levels of protection are required to keep the data both confidential and safe from loss.
4. Scale down.
Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks).
5. Lock up!
Physical security is the key to safe and confidential computing. All the passwords in the world won't get your laptop back if the computer itself is stolen. Back up the data to a safe place in the event of loss.