Thursday, March 24, 2011

Encrypting School Confidential Data

Update 05/28/2014 - TrueCrypt is now defunct

Update 01/3/2012: I now recommend the free, open source AESCrypt in lieu of AxCrypt/NCrypt as a simple, easy to use cross-platform encryption tool. Find out more here.

A part of me cringed a bit when I read the following:
A disk holding the Social Security numbers of thousands of current and former high school students in the Laredo Independent School District — a total of 24,903 — has gone missing, according to the Texas Education Agency.  (Source: The Texas Tribune)
The loss of confidential data is unfortunate. While a lot of time may be spent finger-pointing, a few simple actions could have made the loss of the CD a moot point. With some simple free, open source software, the data written to CD could have been encrypted...and encrypted data that is lost need not be reported.

The applications?

If on Windows computers, use one of these tools:
  • - Allows you to create an "encrypted" container where you can save the information. Make a phone call, or send the password via email, to provide information on how to get into the encrypted container. Use TrueCrypt for large files or folders of files. Read tutorial or view tutorial video. (or this video)
  • AxCrypt - Install this program on your computer and then right-click to encrypt the file. Share the password via phone or email. Don't include it with the media, obviously. Works great for individual files or compressed file (e.g. zip or 7z). Watch this video tutorial.
  • GPG4Win - This requires a bit more sophistication on the part of both parties, but use this program to encrypt the data file using the public key of the recipient and the sender. This technology has been around for a LONG time since poor Phil Zimmerman got it all going with "Pretty Good Privacy" or PGP. View video tutorials.

If on Mac, use or MacGPG. If you use GNU/Linux, and KGPG (sudo apt-get install kgpg if on UbuntuLinux) work great.

Another possibility is to use Secure FTP to transfer encrypted files. If dealing with data, you can also slice it up into multiple compressed files using (compressing is not enough) then encrypt the pieces, decrypting them upon arrival.

It's easy for folks to get angry about lost confidential data. It takes only moments to use one of the approaches above to secure it. If you have confidential data on your computer, at the very least, use TrueCrypt to protect your data. Try the other solutions to go further.

Get Blog Updates via Email!
Enter your email address:
Delivered by FeedBurner

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

No comments:

Genuine Leadership #4: Gratitude