Physical Security
Physical protection of machines, hard drives, and media is just as important as electronic protection of networks. Here are some tips for protecting yourself and data:
- Use screen locks on all devices. When leaving your computer, lock your screen or configure a screensaver password. Use PIN or password locks on phones and mobile devices to protect any personal and sensitive information they contain.
- Secure your devices. Keep your devices, like laptops and tablets, with you at all times while traveling or working off site. Many data breaches stem from stolen or lost devices.
- Make backups. What would happen if you lost your laptop or your hard drive crashed? The best backup system is one you will actually use. Find one that works for you and talk with your supervisor about what backup options are available in your unit. Common practices include storage on network file space, certain approved cloud space (e.g., Google Drive) or CrashPlan Pro. Your NC State Google account also comes with unlimited storage in Google Drive. Refer to the Data Sensitivity Framework for approved data storage locations.
- Protect your backups. If you use portable data storage devices like USB sticks or external hard drives, protect them with encryption, maintain physical custody and require passwords to access the content.
- Encrypt. When possible, encrypt drives and devices. Encryption scrambles data so that it cannot be read by unauthorized users.
Not all data can be treated the same way. If you need to store sensitive data, like PII, HIPAA, FERPA, and GLBA data, be sure to review the Data Sensitivity Framework, which specifies approved and unapproved storage locations.
- If you are disposing of electronic media that contains sensitive data, you must send it to OIT for approved disposal. Media that can be sent to OIT includes hard drives, USB drives, CDs and DVDs. Visit OIT Electronic Media Disposal Process for Campus to find out more.
- Before NC State-owned computers can go to University Surplus for re-use or sale, they must first be certified as cleaned. This may involve removing and destroying the hard drive or using special software to delete the data entirely. It is the responsibility of individual departments, units, or employees to prepare items for surplus. Visit Data Removal for more information.
You must be logged into to complete this assessment.