May 29, 2006

Dear Colleagues:

As many of you are aware, private information on 26.5 million people was recently compromised when burglars stole a laptop computer from the home of a U.S. Department of Veterans Affairs analyst.

This should remind all of us of the importance of using some good common sense in handling and safeguarding sensitive data (for example, Social Security numbers, student or patient information, and Johns Hopkins financial or personnel information).

One of the most common compromises of sensitive information is the loss or theft of mobile devices such as laptops, USB "flash drives" and CDs. Laptops, especially, are targets for thieves. There is some risk any time that data is stored on a mobile device, so the best thing to do is to avoid saving sensitive data on these devices.

If you do need access to sensitive data or files from somewhere other than your Johns Hopkins desktop, please do not carry them on a mobile device. Instead, please work with your IT administrator to ensure that they are stored on a managed file server that you can securely access from both Johns Hopkins and remote sites.

If you feel you must store sensitive information on a mobile device, please make sure that the directory or file is encrypted and password-protected. All of the major operating systems have tools that will allow you to encrypt files on laptops. Applications that compress files such as Winzip also provide protection for CDs and other storage media. Please consult your IT administrator regarding tools that will work best for you.

For more tips, please see http://www.it.jhu.edu/infosec/tips/encryptguide.html

Sincerely,
Stephanie Reel
Chief Information Officer