Secure Transit & Storage

HOW TO SECURELY STORE & SEND CONFIDENTIAL

DATA by

The UTHSC Information Security Team

Current Challenges

Certain data files require large amounts of storage

Having multiple copies and secure backups in the event data or file is lost or corrupted

Securing files and data but also making those files easily accessible

Share and send confidential data securely

Confidential Data & InformationUnique Identifiers

ExamplesName & Email AddressesAddress and Phone/Fax NumberSSNsIdentifying PhotographyAccount, certificate, and license numbersVehicle identifiers and serial numbers, including license plate numbersDevice identifiers and serial numbersURLs and IP Addresses

Applies to ALL applicable Federal, State, Local laws and regulations related to safeguarding confidential data and information.

What To Do

Protect confidential data or information.  Recognizing the unique identifiers. Refrain from texting  confidential data/information.

Use trusted and authorized email systems to send and receive confidential data and information.  There are a number of email systems you do not want to use including Gmail, Yahoo, AOL, and other unauthorized email systems.

Keep confidential data contained.  Try to refrain from forwarding emails. 

What’s the Potential Harm?

Breaches of data security can result in

Damage to reputation

Disruption of operations

Legal liability under new and amended laws, regulations, and guidelines, as well as under contracts

Financial costs

SOLUTIONS!

Storage

Hard Drive & Device Storage

Computer (Desktop workstations)

Laptop

iPad

Tablet

iPhone

Android

Cloud Storage (or Virtual Storage)

Xythos

Office365

Transit

Shared Drive or Secure File Sharing

Xythos

Office365 SharePoint

Office365 Exchange

NcryptedCloud

Encrypted USB

Email

Encrypted Email

Secure Email

XythosStorage & Secure File Sharing

Xythos is content management software that allows you to place files in a central location so they can be accessed via the internet. You can upload, access, and share files from anywhere with any computer that is connected to the internet. With a Xythos account you can share your files and folders with anyone at UTHSC or outside of the college.

Xythos offers:

An alternative secure way of sharing files without the use of e-mail attachments

Ease of access from anywhere

A browser-based, OS-Independent web interface

Flexible, user defined shares to anyone on and off campus

Secure file transfers https://academic.uthsc.edu/edtech/xythos/

SharePoint Online (O365)Storage & Secure File Sharing

Cloud-based collaboration; all the functionality of our existing SharePoint server plus more

Retirement of the on-premise SharePoint server will be considered after the Office 365 Education implementation. All existing SharePoint data will be retained.

Rollout: Fall 2015

http://www.uthsc.edu/its/pmo/projects/index.php

Encrypted Cloud

EnCrypted Cloud is an encryption and sharing mechanism.

Protect and share your files in seconds from your existing cloud provider on any device.

Track & control access to your files even after you’ve hit Send.

Connect with current cloud drives like Dropbox, GoogleDrive, OneDrive, and Box.

Contact the UTHSC Information Security Team if you or your department is interested in trying Encrypted Cloud.

https://www.encryptedcloud.com/

Exchange (O365)

Migration to cloud-based email server (no changes to Outlook); increase in quota from 1GB to 25GB

Encrypted Email

Rollout: Fall 2015

http://www.uthsc.edu/its/pmo/projects/index.php

UT Courier Secure Email (UT Vault)

Transmit confidential data and information with UT and non-UT personnelUT Users

Max file size: 1.5GBCumulative Storage: 10GBNumber of messages allowed to be sent: 50/hrNumber of messages a single address can receive: 50/hr

Non-UT UsersMax file size: 1.5GBCumulative Storage: 3GBNumber of messages allowed to be sent: 3/hrNumber of messages a single address can receive: 2/hr

https://vault.utk.edu/http://help.utk.edu/kb/index2.php?searchfor=UT+Vault&func=search

Computer and Laptops

Full Disk Encryption (FDE)

Trend Micro

Minimizes impact in case of data theft and accidental data loss along with information security violations, reputation damage, and revenue loss.

In the event a device is lost or stolen, full disk encryption ensures your data is unreadable.

Rollout: Fall 2015

http://www.uthsc.edu/its/pmo/projects/index.php

iPads and Tablets

Passcode

Download and Install all Office365 Apps from Microsoft, Inc. using your UTHSC credentials (Rollout: 2015-2016 Fiscal Year)

Tablets (android devices)

Native Encryption within settings

iPhones & Androids

Passcode

Download and Install all Office365 Apps from Microsoft, Inc. using your UTHSC credentials (Fall 2015)

Tablets (android devices)

Native Encryption within settings

Encrypted USB

Encrypted and Authorized USB or Jumpdrives are suitable for transit of confidential data and information

Individuals MUST take necessary precautions in safekeeping the USB

Summary

Learn to recognize unique identifiers.

NEVER text confidential data or information.

Use ONLY secure and authorized systems to store and transfer confidential data and information.

THINK before you send or store. If you are in doubt, contact Information Security.

UTHSC Information Security Team

L. Kevin Watson

lwatso20@uthsc.edu

(901) 448-7010

Frank Davison

fdavison@uthsc.edu

(901) 448-1260

Jessica McMorris

jmcmorr1@uthsc.edu

(901) 448-1579

Ammar Ammar

aammar@uthsc.edu

(901) 448-2163

• Information Security Email: itsecurity@uthsc.edu

• Website: security.uthsc.edu

• To report phishing and spam email forward it to abuse@uthsc.edu