Breaches in electronic information security are becoming increasingly common, and universities are frequently targets because of the complexity of our environments and the breadth of our distributed information systems. Security breaches can happen not just because of malicious attacks from the outside, but also due to behaviours stemming from a lack of awareness on the part of people on the inside. In fact, by far the most common type of security breach in educational institutions is that of unintentional disclosure.
ITServices, in conjunction with the Senate Information Technology Committee, has been identifying and developing policies needed to address concerns about protecting electronic information, especially information that is considered "personal and confidential." As part of this process, ITServices recently published Electronic Information Security Guidelines on its website in an effort to help the Queen's community understand the risks inherent in the handling and managing of electronic information. The Guidelines' recommended practices for the storage, transportation and disposal of electronic information will help safeguard information from a variety of exposure risks, including those stemming from unintentional disclosure and theft.
One area of potential risk is in the disposal of defunct computers and hard drives. When aged departmental computers are discarded, the sensitivity of the data on those computers must be assessed. In order to combat the risk of a security breach in this situation, ITServices has initiated new services to ensure that secure hard drive destruction and disposal are available to every member of the Queen's community. This will be achieved through the use of a machine known as a degausser, which removes data from hard drives by means of electro-magnetic energy, thus obliterating the data without the possibility of recovery and rendering the drive unusable. ITServices is offering free degaussing for any computer or hard drive brought in by a member of the Queen's community, and, if desired, disposal of that computer or hard drive will also be arranged.
Another area of significant risk occurs when electronic devices containing work-related materials are taken home or on trips. This was made clear last year in the case of a physician from Toronto's Hospital for Sick Children when, while in Pearson International Airport, he lost an external hard drive containing the personal health data of 3,300 patients. Incidents of this nature can easily lead to unintentional disclosures and other security breaches if appropriate safeguards are not in place. One measure to protect sensitive data is to encrypt that data so that it is not accessible by others who may gain access to your computer, whether that access is by a family member or as a result of loss or theft. Another option is not storing any confidential documents on your personal computer, but instead accessing them through a password-protected online storage system such as QShare.
Being mindful of security issues is the first step toward adopting more secure computing practices. Please consult the ITServices website or call the IT Support Centre (613.533.6666) for more information on Electronic Information Security Guidelines, secure hard drive destruction and disposal, and other services relating to safe computing practices.