Portal de Periódicos da CAPES

Protect Your Portable Data - Always and Everywhere: Data Portability and Data Security Are Not Mutually Exclusive. Learn How to Have Both

2009; American Institute of Certified Public Accountants; Volume: 207; Issue: 6 Linguagem: Inglês

0021-8448

Simon Petravick, Stephen G. Kerr,

Advanced Data Storage Technologies

[ILLUSTRATION OMITTED] EXECUTIVE SUMMARY * Laptops, flash drives, and other convenient devices may have significant unresolved risk exposures. Unless you encrypt or otherwise protect the data they contain, you're endangering your business and career. * Federal, state, and local laws and regulations require professionals and institutions to safeguard all personal data they collect. Violating these statutes, related regulations or state laws may result in huge fines or damages awards. The cost of encryption, however, is comparatively minuscule. * Many cost-effective encryption products greatly improve the safety of sensitive data. Implement at least one immediately, and stay abreast of the expanding array of hardware- and software-based alternatives. * Perhaps the simplest way you can safeguard the data on your computer is to buy a new one with storage that supports encryption. To avoid mishaps, use automated full-disk encryption products-either hardware or software. Wherever possible, implement automated full-disk encryption. It's safer than selective encryption applied at a user's discretion. * If an organization relies on user-selected encryption, it should stress to employees that the only data that do not need to be encrypted are those available to anyone. ********** Their widespread use sometimes makes relatively new technologies seem safer than they are. In fact, even popular and advantageous innovative devices may have significant risks. Prominent examples include data-filled laptops and flash drives. Recurrent headlines make it clear: Your laptop could become one of the thousands lost or stolen every year. Not surprisingly, if the device contains client tax returns or other sensitive information, you and your firm could be ethically, legally and financially responsible for a security breach and its consequences. The danger is too great to ignore, but these convenient devices have become a tactical necessity for CPAs on the go. This article looks at new technologies that mitigate the risks of portable data storage devices so you can use them without hesitation. POST MORTEM Serious data losses can occur without warning. Consider the fictitious case of CPA Rhonda, the director of admissions and financial aid for a college. After she barely makes a commuter flight to meet potential students and their parents, Rhonda has to sit at the back of the crowded cabin and let a flight attendant stow her carry-on bag up front. Inside the bag is her laptop, which contains the financial histories of the prospective students' families. Once the plane lands, a watchful thief snatches Rhonda's bag before she gets to the cabin door. Rhonda had to obey the flight attendant when her bag was stowed for the flight, but the real issue is whether the information on her laptop is safe from the thief's prying eyes. Convenient new encryption products could have tipped the odds in Rhonda's favor. NUTS AND VOLTS Recent technological advances have expanded the array of encryption tools. Some are built into Windows and Apple operating systems you may already use. For other tools, you may need to buy new hardware or software. Some built-in programs do not enable you to encrypt external storage media, such as flash drives and CDs. You can, however, safeguard your portable data by using the encrypted flash drives or the add-on encryption software discussed below. Operating system-based encryption. Users of the Ultimate or Enterprise versions of Microsoft Vista can employ BitLocker, a built-in encryption program. Once you activate BitLocker, it encrypts all files that are saved to the volume or drive you select. Users of Windows Vista Business, Enterprise, and Ultimate; XP Pro; and Windows 2000 can use Microsoft's Encrypting File System (EFS) to encrypt files or folders they choose. This, however, is user-selected, rather than full-disk, encryption. …