Computer News No. 124 Nov.-Dec. 2006
|
Computer News No. 124 Nov.-Dec. 2006 |
Special Attentions Needed in Using Portable Storage Devices
1. Introduction - portable storage devices can be a huge security risk
As portable storage devices like memory sticks or USB flash drives are becoming more popular, the Computer Centre has received quite a number of lost and found property reports recently. Some users reported loss while some users reported finding such devices left behind in the PC laboratories.
Portable storage devices such as memory sticks, USB flash drives, external hard drives, digital audio players and even notebook computers can be a huge security risk. They can transfer computer viruses and Trojan horses from PC to PC, just as a floppy disk can. Portable storage devices are usually small and they are easy to misplace, leave behind and forgotten. If important documents with sensitive data are stored in the devices, they can fall into the wrong hands. This may lead to fraud, identity theft and data theft.
Figure 1: USB flash drives
It is recommended to encrypt the personal or sensitive data on portable storage devices so that even if the storage devices are lost, the encrypted data would not be disclosed.
Losing such devices can be a big headache for the organization or the individual user involved. For example:
- In April 2006, portable storage device holding sensitive and classified American military data turned up for sale at a shop outside Bagram, Afghanistan. The American military has since tightened security for portable storage devices. See news article “U.S. military buys back stolen flash drives with sensitive data in Afghans shops” for more details.
- In May 2006, the personal data of 6,500 current and former University of Kentucky students, including names, grades and Social Security numbers, were reported stolen after the theft of a professor’s portable storage device. The device has not been recovered. See University of Kentucky News for more details.
2. Prevention of loss of portable storage devices
It is important to keep your portable storage devices carefully. The following are recommendations to prevent loss of portable storage devices and data:
- Do not leave your portable storage device unattended or out of your sight.
- Remember to remove your portable storage device from PC immediately after use and keep it in a safe place.
- Use access control programs to secure and preserve personal and sensitive data.
For example:
- Use encryption programs or file compression programs with encryption. Modern file compression programs such as WinZip supports 128- and 256-bit key Advanced Encryption Standard encryption. For more information, see WinZip web site.
- Microsoft Office offer several features to help restrict access to Excel, Word, and PowerPoint files through the use of passwords or encryption. For more information, see Microsoft web site.
- Use password-locking programs.
3. Report of Found Properties in the PC Laboratories
If you have left any property in a PC laboratory, you can contact the Computer Room at Room RR-108, Run Run Shaw Building, (phone 2859 2496) as soon as possible to see if anyone has returned found properties to the Computer Centre.
If you have found some unclaimed properties lying around a PC in the PC laboratories, you should report it to the Computer Room or the Security and Parking Unit of the Estates Office at G/F of Kadoorie Biological Sciences Building. Retaining found properties without authorization is a criminal offence.
Unclaimed properties found in the PC Laboratories will be sent by the Computer Centre to the Security and Parking Unit of the Estates Office at G/F of Kadoorie Biological Sciences Building the next working day.
The Security and Parking Unit of the Estates Office maintains a web site of found properties in the University. The web site was developed with the help of the Computer Centre. It is accessible through the Estates Offices Website (http://www.hku.hk/estates => Security and Parking => Lost & Found). Users can browse the web site to see the current list of found properties, sometimes with photographs of the found properties. It saves time in going to the Unit for checking the found properties.
|
|
