<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">In this issue:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">1. Follow Up to Adobe PDF Protection</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Last week's issue included an article about some of the security features in the Adobe Acrobat product that are meant to protect PDF documents containing sensitive information. In this day and age of data protection requirements and regulations, having a way to protect a single document seems like a great idea.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">However, there is a catch (as there is with anything to do with security). I should have pointed out in last week's article that whenever there's a claim about a product having some incredible security features, there must always be some skepticism on the part of the user. No security tool is fail-safe and security risks can not be resolved with just one product.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Regarding the Adobe security features, namely protecting a PDF document from access, alteration or printing, and redacting sensitive data in the files, several of my readers shared with me ways a determined hacker can circumvent the protections Adobe put in place. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Without going into the details of how one can do this, I recommend we always objectively consider whether using built-in protection in a product gives us a false sense of security. When using security tools, remember there is likely a smarter person out there who can remove the security we put into place. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Think about an alarm system on a building. The alarm is there to deter thieves from breaking in, but if someone really wants to get in, an experienced thief can likely find a way to disable the alarm and get in undetected, no matter how good the security technology. However, we can increase the likelihood that the thief will stop trying if we added other features, such as a guard dog, a high, locked fence, a moat, and more locks on the building. This is how we must think about securing data as well.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Here are some quick tips on establishing good data protection:</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div>
<ul style="list-style-type: disc">
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Use full disk encryption with a product such as PGP to encrypt all documents on a computer. If a computer has documents on it you may not realize contain sensitive data, they will ALL be protected.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">Don't electronically share documents that you know should not be forwarded along to others, should not be printed because of sensitive data, or should not be modified. Instead, print the documents out, redact the data you deem sensitive with a marker, and then send it as a hard copy to the person who needs to review it.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">If you want to be extra safe when redacting, cross out the sensitive numbers (social security numbers, credit card numbers, etc) with a marker, then make a copy of the document on a copier. This should prevent anyone from "reading through" the marker. Or you can cut the numbers out with a scissor or hole-punch.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">If you have many records in an excel file with sensitive data included, and need to share the records, remove the column with the sensitive data before sending it along. Many times the information others need from the file is not the social security numbers or the account numbers but all the other fields, which don't contain the sensitive data.</li>
<li style="margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Arial">It is a good idea to not send any files containing sensitive data through email. Instead upload the file to a shared server to which others can be given limited access. Remember to remove a person's access if the he/she no longer needs it for business reasons.</li>
</ul><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">If you need more information, you can go to <<a href="http://web.mit.edu/infoprotect/">http://web.mit.edu/infoprotect/</a>> for various resources. You can also find some tips at <<a href="http://ist.mit.edu/security/support/protect">http://ist.mit.edu/security/support/protect</a>>. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">An in-person information session covering what is considered sensitive data and how to handle this type of information at MIT can be requested by contacting Allison Dolan (<a href="mailto:adolan@mit.edu">adolan@mit.edu</a>).</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Thank you for doing your part in "providing the MIT community with accurate, reliable information to authorized recipients and to preserve vital records." (MIT Policy 13.2.2, see <<a href="http://web.mit.edu/policies/13/13.2.html">http://web.mit.edu/policies/13/13.2.html</a>>)</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">===========================================================================</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; min-height: 16px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Find current and older issues of Security FYI Newsletter: <<a href="http://kb.mit.edu/confluence/x/ehBB"><span style="text-decoration: underline ; color: #2151aa">http://kb.mit.edu/confluence/x/ehBB</span></a>></div></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 14px/normal Arial; "><font class="Apple-style-span" face="Calibri"><span class="Apple-style-span" style="font-size: medium; "><font class="Apple-style-span" face="Arial"><br></font></span></font></div><div apple-content-edited="true"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Calibri; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Calibri; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><div>Monique Yeaton</div><div>IT Security Awareness Consultant</div><div>MIT Information Services & Technology (IS&T)</div><div>(617) 253-2715</div><div><a href="http://ist.mit.edu/security">http://ist.mit.edu/security</a></div><div><br></div><br></div></div><br></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"> </div><br></body></html>