Security Awareness Campaign April 2018:
Spring Cleaning - Be Green, Not Blue
Your district-owned laptops have full disk encryption enabled. You may want to think about implementing the same security safeguard on your personal devices.
Make sure saved copies of your tax filings, personal photos and other sensitive files can't be retrieved by the next person with access to your computer's drive by making the drive unreadable to anyone else. Dragging files to the trash or recycle bin doesn't remove data-it just removes the retrieval path to the file and marks that storage space available for other data to occupy sometime in the future. Your pirate treasure is still buried, but the map is missing.
Today's "delete/overwrite" protection comes most reliably from full disk encryption, which encrypts all data on the machine-including the operating system and temporary files you weren't even aware you created. Even if someone removes the drive and puts it into a different machine, the encryption remains in place.
Encrypt the full disk now using built-in functionality. Create a strong passphrase or password, since this becomes the decryption key! Everything will be encrypted, including the operating system, so you will have to "unlock" the encrypted drive with your personal passphrase every time you start or boot up your computer. Save the generated recovery key somewhere secure (like a password manager), in case you forget your password and need to access the data on that machine. Here are instructions for some of the most common built-in encryption functions:
- FileVault2 (Mac OS)
- BitLocker (Windows 10 and Windows 8 Professional)
- BitLocker (Windows 7 Ultimate)
Failsafe: Remove and destroy the drive. Most retail stores that accept computer donations for safe recycling will remove the drive and give it to you for secure destruction-just ask them to do that. Smash it, drill it or hold onto the drive until there's a secure shredding event at work or in your community.