Presentation on theme: "Data Security Audit October 13th, 2010 Thompson School District."— Presentation transcript:
Data Security Audit October 13th, 2010 Thompson School District
Data Security Audit
- Anne Gallagher - IT Auditor from Swanhorst & CO
- Interviewed AP/HR/Purchasing personnel
- Focus on making sure we do our due diligence to protect the data that we collect and manage that could be used in identity theft
  - SSN/Bank Account/Date of Birth/Federal ID (TIN)
  - (Think about what questions are posed to verify your identity over the phone)
Data Security Audit
- We are the appointed custodians of sensitive information and we must act appropriately
- Most thefts come from inside
- Never give out your password and reset it often to prevent unauthorized access
- Protect sensitive information in your work area
- Don’t leave sensitive information on your computer when you step away
Data Security Audit
- Processes to be mindful of include:
  - Transferring sensitive data to flash drives
  - Transferring sensitive data to laptops
  - Transferring sensitive data to vendors/3rd parties
- Avoid sending through US Mail or E-mail
- Avoid Faxes both incoming and outgoing unless the fax machine is in a secure location
- Use secure websites or file transfer programs
- Use secure locations on network to store data, avoid storing files containing sensitive information on your local drive
Data Security Audit Reports/Hard-Copy Forms
- Because we cannot eliminate the use of sensitive information, we must protect it on hard-copy forms.
- Hard-copies should be locked up or placed in a secured area when not in use.
- Consider physically masking sensitive information
  - Sharpie cover-up
  - Stickers
Data Security Audit Reports/Hard-Copy Forms
- Destroy hard-copies as soon as no longer needed or retention deadline passes
- Hard-copies that need shredding should be locked up or placed in a secured area until collected.
- Limit the number of people handling hard-copies
- Review if sensitive information can be removed from reports/forms
Data Security Audit
- Changes to better protect our data?
  - Review your processes/forms
  - Obtain locked shred collection bin
  - Reconfigure workspaces to limit public access to hard-copy documents
  - Desktop shredders
- Your thoughts?