Slashdot Mirror


How Do You Deal With Sensitive Data?

imus writes "Just wondering how most IT shops secure sensitive data (customer records). Most centrally managed databases seem to be monitored and maintained very well and IT workers know when they are tampered with or when unauthorized access occurs. But what about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs? How are companies dealing with situations where the database is relatively secure, but end-use devices contain bits and pieces of sensitive business data, and sometimes whole segments? Does anyone use sensitive data discovery software such as Find_SSNs or Senf or other tools? Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?"

3 of 226 comments

  1. Unless of course, you're.. by Channard · Score: 5, Informative

    .. The UK Government. 600 lost laptops over the last ten years! Including two from the MOD with very sensitive data on them. And that's just electronic data. Despite the public being told how important shredding documents is, some commercial enterprises seem to be just chucking sensitive data out in the bin, unshredded.

  2. Re:Policies by cool_arrow · Score: 3, Informative

    It's a good idea to limit who gets your SSN. I'm having surgery done on my knee in a couple of days which has entailed seeing 4 docs at 4 diff offices (MRI etc). They all want your SSN when filling out their paperwork - I simply didn't put mine down on any of them. Two of them brought it to my attention and my response was "I don't give it out". Didn't have a problem. I could see if I wanted credit or was borrowing money from a bank. Otherwise don't be too eager to give it out.

  3. Encryption, encryption and common sense by trydk · Score: 3, Informative

    I work as a contractor for a number of companies and need to take sensitive data home (like their customer contracts, proposals, etc.) on my laptop.

    To make sure I do my best to keep their data away from others (especially since I travel a lot), I encrypt twice. First I encrypt the hard drive (before booting the OS) and then I encrypt the individual customer's files in separate "containers".

    TrueCrypt has a nice feature for its encryption of containers (I use files with uninformative names like turbo.dat, haiku.wav, just for the fun of it) that it will automatically unmount the containers when the computer is put into sleep mode or hibernation, which means that no customer data is accessible when I am travelling.

    And regarding common sense: I do not keep any unnecessary data on my laptop. I do not copy unneeded data to it and I remove all unneeded data immediately. I keep the different customers' data in separate containers and do not open different customers' containers at the same time to reduce the exposure, should somebody steal the laptop from my hands. I keep it locked to a big object whenever I work at a fixed place for some time and always before I leave it out of sight. I lock the screen every time I leave it.

    And guess what? It doesn't take too much time either.