Keeping sensitive data safe from inappropriate access and disclosure is of the utmost importance. Virginia Tech has many policies, procedures, and standards in place to protect sensitive data. It is the responsibility of everyone handling sensitive data from Virginia Tech to be familiar with these policies, procedures, and standards. It is important to find out what sensitive data you are handling and what steps are needed to protect it.
Where to start?
There are 6 specific data elements that Virginia Tech has protected with the “Standard for Transmitting and Storing Personally Identifying Information”. The data elements covered under this standard are:
- Social Security number
- Credit card number
- Debit card number
- Bank account number
- Driver’s license number
- Passport number
Why might I have this data?
Virginia Tech does not typically use Social Security numbers in its daily operations. It is important to recall that Virginia Tech formerly used Social Security numbers as identification numbers. What files might you have that would contain the “old ID numbers?”
- Personnel files?
- Student work or student grade files?
- Accounts receivable files?
- Have you ever stored credit (or debit) card numbers? Did you make travel arrangements for yourself or others that may have included such information? Have you made purchases where storing such a number may have occurred?
- Arranging travel may also have led to recording and storing passport numbers—check likely places.
- Are any of these files defined-as-originals that must be kept for a defined period of time? Has that period of time expired? If so, remove them. If not, where can these data be kept more securely?
Tips for types of files
Technology has allowed people to become digital packrats. It is not uncommon for people at Virginia Tech to have files that dating back years. It can be challenging locating sensitive information among the large array of files and file types.
- Spreadsheets may have “hidden” columns, rows, or cells that may contain covered data, but not be visible on first opening the file.
- Be sure to review potential locations for covered data in e-mail files, including archived files that you may have kept on your device.
Scanning for SSNs and credit/debit card numbers with one of the tools designed for this purpose is a good way of finding portions of covered data. Some notes may be helpful:
- All scanning tools will generate “false positives”—that is, strings of numbers that match possible SSNs or credit card numbers, but are something else entirely. False positives may be:
- Numbers you can see in the document that are clearly something else (a serial number, for example);
- Numbers you cannot see and are part of the embedded computing instructions within the document.
Remember to use common sense about removing SSNs and credit/debit card numbers.
- No scanning tool covers all information that may be sensitive - typically, they cover SSNs and credit/debit card numbers.
- No scanning tool covers all types of files. Scanning e-mail files is unusual; other tools may not scan PDF documents or even PowerPoint files. view comparison
To help discover sensitive data, Virginia Tech has purchased a site license for Identify Finder. Identity Finder is commercial software that can help discover and mitigate sensitive data. Identity Finder is available to Faculty and Staff at Virginia Tech. Learn more
The IT Security Office strongly encourages faculty and staff can download the Windows or Mac version of Identity Finder at http://network.software.vt.edu
. This is an important step to identity information that needs to be protected.
Finding and protecting sensitive data can be challenging. FIND_SSNs is a tool developed to help discover sensitive data on systems. Find_SSNs searches for U.S. social security and credit card numbers. It may help individuals and organizations find sensitive numbers in files on computers.
The complexity of Virginia Tech’s IT systems offers a special security challenge to those who manage them. Virginia Tech’s IT professionals are charged with helping the student population as well as the faculty and staff. IT Professions constantly need to keep current on system vulnerabilities to know how to keep system assets and data secure.
TrueCrypt is an open source encryption solution that is easy to use and works on Windows, Mac, and Linux. It can be obtained by visiting www.truecrypt.org and can be a useful tool to help protect Virginia Tech data.