Background
As handlers of sensitive payroll and tax information it is necessary to incorporate practices that guard data while stored on your computer and also ensure that these files are truly inaccessible once they are deleted.
Best Practices For Storing Sensitive Information
If an authorized user can gain physical access to your computer which is not properly secured this user can extract data from the computer even if you are logged out. For example, one way this is possible is for the user to insert a ‘hacking’ USB drive into your computer, power cycle, and then utilize hacking software to read files on your computer. For this reason and others your computer should incorporate some sort of disk encryption. Once the data is encrypted it is inaccessible to this type of hacking.
You should encrypt either your entire hard disk, or at the very least encrypt those folders that you use to hold the sensitive information while you work on it. You should also be sure that the download folder for your browser(s) are encrypted because this is the default location for payroll and other sensitive files downloaded from FileDepot. Two Microsoft products that are commonly used are BitLocker, which encrypts the entire disk, and EFS (Encrypting File System) which encrypts selected folders. There are also other products out on the market. Contact your IT Department for their recommendations and for installation. Several BPP employees have requested our local system administrators to enable BitLocker encryption on our workstations and have noticed no degradation in performance and in fact no unusual behavior at all.
Best Practices For Complete Deletion of Sensitive Information
One might assume, wrongly, that if a file is deleted (moved to the Recycle Bin) and then emptied from the Recycle bin that it and it’s sensitive data would be effectively erased from your computer. The fact is that this file can still be retrieved using special utilities. To ensure that this sensitive data is completely destroyed it is necessary to use a special application that effectively ‘shreds’ the storage locations on the disk by writing random data over those locations. These applications are called shredders and they make the original content irretrievable. Again, we suggest that you contact your local IT administrators for recommendation and installation of shredder software. One such application is called simply ‘File Shredder’ (http://www.FileShredder.org) and is being tested by System Office BPP employees.
Using a Shredder With File Depot Files
This section describes how to practically handle and delete sensitive files downloaded from File Depot using a specific shredding application.
- Installation of File Shredder v2.5: For this example we use the file shredder available at this website. Be sure to use the download button that is below the Donate button. After download, open the installer file and execute it. You will need administrative access to install this application and therefore may require the assistance of a local system administrator. Follow the standard instructions supplied with the installation process. As part of the installation process new context menus will be added to your Explorer application that will allow you to easily shred files by simply right clicking on them.
- Download a file from FileDepot: Log on to FileDepot through normal means and navigate to a repository that contains files with personal information. This can be any file that you typically use that contains payroll or tax information. Make note of the file location to which the downloaded file is actually saved, which is typically the Download folder of your browser.
- Use the file as you would in your typical workflow.
- When finished with the file you will want to shred it electronically. Open the folder which contains the file you wish to delete:
– For Chrome on Windows you can simply press Ctrl + J to list your downloads. Click on the ‘Show in folder’ link under the file you need to shred. This will launch an Explorer window that will have your specific file of interest selected. - In the Explorer window, right-click on the file to be shred and select ‘File Shredder’ from the context menu followed by the sub-menu ‘Secure delete files’. Select ‘OK’ to confirm. You may or may not actually see a File Shredder dialog box pop-up and display the status of shredding your files; for very small files the process is so quick that this dialog may not be noticeable, but for larger files you can see the progress bar of the shredding process.
- That’s it. You can be assured that the file you shredded is no longer stored on your computer in any accessible format.
Summary
- Work with your local IT support staff or security officer for help implementing these procedures
- Use a computer with an encrypted hard drive or encrypted folder.
- Download files from File Depot into the encrypted hard drive or folder.
- Upload the files to the destination quickly. Do not leave the files on your local computer for an extended period of time.
- Do not put the sensitive data on local shared drives or other computers.
- Remove and delete the data from your computer using a “file shredder” or a similar application.