Securing Sensitive Data

A guideline of some measures you can take to securely store and move data that is considered sensitive.

Reviewed by Bil Hays 04/29/2014

See also the 2011 Memo: Understanding Information Security at Carolina

If you have data that is considered sensitive, here are some tips for keeping those data secure, with some references to relevant campus policies. See our checklist for general guidance on what kinds of data are sensitive, or the ITS Security policy defining sensitive data for detailed information, but the most common forms of sensitive data we use in Computer Science are student data such as grades and personnel information such as performance reviews. You might also consider what data you have about yourself.

Also, all data, sensitive and otherwise, are covered by the CS Data Retention Policy.

Sensitive Data on Portable Devices

Campus policy strongly recommends against keeping sensitive data on portable devices such as laptops and smart phones, and portable storage devices such as flash drives or external hard drives. Instead of keeping sensitive data on your laptop, for example, consider whether or not keeping sensitive data on a workstation or server would work for you.

That being said, we know that many people use a laptop as their only computer, and storing data remotely may not be practical.  If you need to store sensitive data on a laptop or other portable device, those data should be encrypted.

Full Disk Encryption

According to Campus Policy, if you process or store sensitive data on a Windows laptop, full disk encryption is required, and under Linux or MacOSX, full disk encryption is recommended.  If you wish to pursue full disk encryption, ITS provides PGP based disk encryptions software. OS X users can also use FileVault. Current versions of Windows supports Bitlocker. The major advantage to using full disk encryption is that caches and other temporary files are encrypted as you work with documents.

Other Options

Another option is to use encrypted folders or home directories, or to use a USB drive that supports hardware encryption, such as those provided by Ironkey. Regular USB keys can also be formatted as encryted volumes. Users of linux and unix system can take advantage of encfs and fuse, see docs for ubuntu and OS X. Another option is Truecrypt. The difference between Truecrypt and encfs is that Trucrypt creates a monolithic encrypted container and encfs encrypts individual files. The former is more secure and can be used to encrypt entire drives, while the latter lets out some metadata (approximate file length, for example), but is easier to backup or sync.

Laptop users should also consider using installing Prey as it can help locate or even wipe a laptop remotely.

Cellphones and PDAs are easy to steal or to lose, so if you use one to access sensitive data, please see the ITS document on securing them.

If you keep sensitive data on external hard drives, usb keys, DVDs, or any other portable medium, you should label the media with your email address (or help@cs.unc.edu). That way it will be easier to keep up with, and we have a chance of getting it back if it is lost. If the media is not encrypted, keep it locked up when not in use. If you need a method for physical security, such as a locking file cabinet or desk drawer, send email to help. If you need to dispose of such media, please contact computer services–simply deleting files is not sufficient, as files can be recovered.

Sensitive Data on Desktops, Workstations, and Servers

Requirements for desktop and other machines that are in locations with a measure of physical security are not required to use encryption to protect sensitive data, but do include use of strong passwords, locking screen savers, and disabling autologin. Large quantities of sensitive data should be stored on a server in a secure location, if you have a need for such storage, please contact help@cs.unc.edu. If you are storing sensitive data on a university owned system that is accessed by people other than yourself, please contact Computer Services so we can make a note of that system for auditing purposes.

Transferring Sensitive Data

Sensitive data should be protected in transmission, from the point of origin to the destination.  Many systems, such as WEP and WPA wireless connections can provide a measure of protect for part of a transfer, but not for the entire path. The best way to secure such connections is to use a protocol that can protect the along the entire route.

  • For accessing sensitive data with a browser, make sure you are using SSL (if the URL is https:// and not http://, you are).  Most servers will enforce this, but not all do.
  • Email is generally not considered a secure means of transferring data.  Even if you use an encrypted connection to read and send email, there’s no guarantee that the person to whom you are sending the data does, and most mail transfers between mail servers are not encrypted.  You can encrypt mail messages using PGP, but that is not supported by ITS, and may require an exchange of public key data before sending the message.
  • Using a server as a transfer point is a good way to move sensitive files, if you use SFTP or other encrypted connection to move the files.

Disposal of Sensitive Data

Retention of all data is subject to the department’s data retention policy. In the case of secure data, please take adequate precaution when disposing of data media. Send email to help if you are unsure of how to dispose of sensitive data, but here are some general guidelines.

  1. Paper We have a shredder in SN107. Alternatively, sensitive paper work can be boxed up for pickup for secure recycling. Computer Services can provide boxes for this purpose. Please label the box “Confidential-Shred” and tape it closed, and we will come pick it up. Do not leave such boxes in an unlocked space.
  2. Hard Drives All hard drives, internal or external, should be passed to Computer Services so that we can perform multiple writes across the entire disk.
  3. USB Keys, DVDs, CDROMs External media of this type should be physically destroyed. Simply cracking the media is insufficient. Computer Services can handle these media as needed.