Microsoft to Offer Two-Factor Authentication

Two-factor authentication is a security protocol designed to tighten access to sensitive information, such as a bank account or a website with financial or personal information. It augments a password with a one-time code that’s either delivered by text message or generated in an authentication application.

According to a recent news article, Microsoft announced last week that it is rolling out this option to the 700 million Microsoft account users, confirming rumors. The feature works in essentially the same way as existing schemes already available for Google accounts.

Removing Electronic Paper Trails

Just as you wouldn’t leave a sensitive document in a copier, it’s important not to create an electronic paper trail when using browsers to view or download private information. This is especially important on shared and public computers or mobile devices because of their accessibility to others.

This IS&T News article provides further information and resources for how to configure your browser to remove the bits of information that could compromise your personal information if left behind in the browser’s cache or history.

Back to School: Protecting Kids’ Identities

As back-to-school time approaches, children may be thinking about meeting up with friends to share stories about their summer adventures. But when it comes to personal information, parents and kids need to be careful about sharing too much. These days the casual use of sensitive data (like a Social Security number on a registration form, permission slip, or health document) can lead to identity theft, a serious crime that impacts thousands of kids each year.

The FTC has resources available for parents to help them protect their children from ID theft.

Read the full article.

Generation Gap in Computer Security

A broad adoption of digital media and social networking, combined with an increasing amount of sensitive data stored online, is making personal computer security more important than ever. But do different generations understand this problem and protect themselves while online? See the infographic (click the image when it opens in your browser to view the full size) provided by ZoneAlarm to find out who is safer, Gen Y or Baby Boomers.

Travel Safely with Your Laptop

Over the course of the summer many of us travel to various destinations and, for work or entertainment purposes, we bring our laptop with us. It is almost common knowledge now that traveling via airplane with a laptop can be dangerous, because many laptops end up lost or stolen at airports.

There are some precautions you can take before you travel, such as removing sensitive data from the computer, registering the laptop with police via STOP, and (if it’s your personal computer) buying insurance coverage for the value of the laptop. Then there are cautionary tips to follow while traveling, such as keeping your laptop with you at all times or locked away in a safe place (i.e., not in a car or lying out in your hotel room) and avoiding using unfamiliar networks for transmitting confidential information.

You can find more of these laptop travel tips via this recent IS&T news article.

You CAN Prevent Data Leaks at MIT

The history of cyber-criminal activity over the past few decades has shown that the bad guys will always find ways into our systems if they really want to, either through viruses, malware, tricks or brute force. This is in spite of our attempts to block such occurrences from happening with secure technology. So is it a losing battle? Not if we cover all bases.

There are three basic steps to ensure that even if a system is breached, no sensitive data is accessed.

  1. FIND IT: Know where the data resides so that measures can be taken to protect it. Take an audit of computers and servers to determine if sensitive data is stored on them or if they are being used to access data remotely.
  2. MINIMIZE IT: Remove all the sensitive data files from the places where they are no longer needed. Either securely delete them altogether or move them to a system that is less likely to be compromised. If you have multiple versions of the data, remove the unnecessary copies.
  3. SECURE IT: Comply with recommended protection methods for securing data, such as limiting access through secure authentication and encrypting systems where sensitive data resides.

Identity Finder is a software tool provided by IS&T that helps take action with all three of these steps. Identity Finder searches for data elements, such as Social Security numbers, passwords and financial account numbers. It reports when such data elements are found and gives the user the choice to shred the files, just remove the sensitive parts, or put the files in an encrypted vault. Identity Finder is supported by a console that provides centralized reporting and remote administration, remediation and scheduling.
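To make the FIND IT step concrete, the following added example (not Identity Finder's code or method, and not from IS&T) scans text files for Social Security number patterns, filters out values that can never be issued, and reports only the last four digits. The file suffix list, function names and sample data are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Candidate SSN: 3-2-4 digits with matching '-' or ' ' separators, or 9 bare digits.
# The lookarounds reject longer digit runs such as phone or order numbers.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

def plausible_ssn(area, group, serial):
    """Structural check: area 000, 666 and 9xx, group 00, serial 0000 are never issued."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def find_ssns(text):
    """Return (line_no, masked_value) for each plausible SSN in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            area, _, group, serial = m.groups()
            if plausible_ssn(area, group, serial):
                # Report only the last four digits so the report is not itself a leak.
                hits.append((line_no, "***-**-" + serial))
    return hits

def scan_tree(root, suffixes=(".txt", ".csv", ".log")):
    """Walk root and map each file path to its hits (files without hits are omitted)."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            hits = find_ssns(text)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample data: well-known specimen numbers, not real SSNs.
SAMPLE = """name,ssn,phone
A. Student,219-09-9999,617-555-0100
B. Staff,078051120,
C. Test,000-12-3456,
D. Test,912-34-5678,
order id 1234567890123
"""

if __name__ == "__main__":
    for line_no, masked in find_ssns(SAMPLE):
        print(f"line {line_no}: {masked}")
```

Pattern matching of this kind only locates candidates; each hit still needs the MINIMIZE IT or SECURE IT decision described above.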

Members of MIT who view, store or process MIT business data can obtain a free copy. For questions, please contact idfinder-help@mit.edu.

Riskiest Place for Your SSN?

According to McAfee, the antivirus software company, universities and colleges are at the top of the list of the most dangerous places to give your Social Security number (SSN).

The ranking is based on the number of data breaches involving SSNs from January 2009 to October 2010. Until recently, SSNs were used at universities to provide many of their services to students and staff. Greater awareness of the proper use of an SSN has helped to minimize the collection of these numbers by universities; however, many of these records are still retained in electronic and paper files.

If you are requesting a service, be hesitant about giving your number out so quickly. Ask the requestor what it will be used for and whether it is absolutely necessary. You may be able to just give the last four digits rather than the full number, or an alternative number, such as your school ID number.

If you are offering a service, and collecting an SSN is required, make sure that it is handled appropriately, meaning that access to these records is restricted and the security protecting them is strong enough to minimize the risk of exposure and identity theft.

Learn about information protection at MIT.