Summer 2008 [Number 241] Printable version (598KB PDF) Download Adobe Reader Please note that this issue of Interface is an archived issue. Therefore, the information contained in each article may no longer be current.
Keeping Your Laptop and Data Secure
Laptop computers offer the convenience of mobility, connectivity and technology—virtual offices on the road—but these qualities also make them vulnerable to the risk of loss or theft. Losing possession of your NIH-issued laptop creates opportunities for wrongful or malicious access to NIH data. The recent theft of an NIH employee’s laptop containing sensitive patient data has led to a renewed focus on ensuring the installation and use of full-disk encryption on all NIH laptops (unless a waiver is in place). However, beyond encryption, laptop users need to be aware of precautions they should be taking. Anyone who has in their possession an NIH-owned laptop should take a few minutes to review the recently revised, NIH Laptop Computer Security Brochure (http://irm.cit.nih.gov/security/laptop_sec_broch.doc).
The brochure includes useful tips on preventing theft or loss, data protection, NIH policy requirements and resources for assistance. Excerpted from this useful brochure is the following basic advice on keeping your NIH laptop, and the sensitive information stored there, safe.
Preventing theft or loss
It only takes a moment of distraction for your laptop to vanish. No one thinks their laptop will be stolen—at least not until they find the trunk of their car broken into, notice that their laptop isn’t waiting at the other side of airport security, or get a refill at the coffee shop only to turn around and find their laptop gone. Always assume thieves are watching and waiting patiently for your moment of distraction.
If Your Laptop is Lost or Stolen: Immediately notify: the NIH Help Desk, your supervisor and your Information Systems Security Officer (ISSO). As soon as possible, notify law enforcement personnel, the building security office and your IC property manager.
Protecting data and external media
NIH policy requirements
The brochure addresses various policies that apply to the use of NIH-owned laptops, including requirements for asset tags and property passes, warning banners, automatic updates of anti-virus software, wireless and remote access to NIHnet.
All government-owned laptop computers must have fully functional encryption software installed. Sensitive information, including personally identifiable information, cannot be stored on any laptop or portable/mobile device unless it is encrypted. PointSec encryption software currently in use for Windows 2000, XP, Vista and Linux, will soon be available for Macintosh platforms.
Resources and assistance
While using an NIH-owned laptop has incredible benefits, remember that it’s also a privilege that comes with responsibilities. You are accountable for your laptop, the data that resides on it and the security of its connectivity to other sources—most notably NIHnet. Laptops are stolen every day and the vast majority are never recovered. The value of the laptop itself pales in comparison to the incalculable costs of lost data, a breach of sensitive information and/or unauthorized access to NIH networks. Laptop security should be an ever-present concern. When you think it’s secure—think again and make doubly sure you have taken every necessary precaution.
If consulting the NIH Laptop Computer Security Brochure leaves you with further questions, CIT offers a number of other resources to address security concerns:
Information System Security Officers: http://irm.cit.nih.gov/nihsecurity/scroster.html
Information Security website: http://www.cit.nih.gov/security.html
Information Security and Policies: http://irm.cit.nih.gov/security/sec_policy.html
If you have further questions or are unsure how best to secure your laptop and the data it contains, ask the NIH Help Desk at http://ithelpdesk.nih.gov or by phone at 301-496-4357, 301-496-8294 (TTY) or toll free at 866-319-4357.
Note: To view the Word document linked above if you do not have Word installed, you can download Microsoft's Word Viewer.
|Published by Center for Information Technology, National Institutes of Health|
NIH...Turning Discovery into Health