Security and protection of sensitive information is more critical today than ever before. The University of Akron has between 5-10 faculty/staff laptops lost or stolen each year.
In order to protect The University of Akron and personal sensitive information, the Information Technology Security Committee (ITSC) requires that Whole Hard Disk Encryption software be installed on faculty and staff laptops.
Whole hard drive encryption protects data on a computer from access if it is stolen. Encryption software is another layer in The University of Akron overall security plan.
Encryption is the process of using advanced algorithms to convert data to a form that is indistinguishable from random data without the key.
After an exhaustive review, Information Technology Services identified Pointsec data encryption software as the product that best meets the University’s needs.
For information about the encryption software, visit http://pointsec.com
The deployment of whole disk encryption is the result of a request by the Information Technology Security Policy Committee (ITSPC).
ITSPC is responsible to the Office of the Provost. One of the committee’s tasks is the improvement of the security of sensitive data at The University of Akron. The Cost for Loss of Confidential Information When sensitive or confidential information is lost or stolen, the cost be devastating both in terms of dollars and public trust.
Ohio University estimates it will spend over $8 million because of their security breach.
The Veterans Administration spent $4 million dollars just to notify affected veterans when data was compromised.
The University of Texas experiences a large drop in the number of applications after a security breach.
Insurance to cover the notification cost of a data breach would be $90,000 a year.
The Gartner group estimates the direct costs of a security breach is a $79 per name. If 10,000 names are compromised, that’s $790,000. If 100,000 names, it’s $7.9 million.
By encrypting its computers, The University of Akron is taking a major step toward ensuring the security of its data and mitigating the damaging effects of a security breach.
Benefits of Using Encryption Software
- Regulatory compliance. Using the data encryption software places The University of Akron in compliance with legal requirements for the protection of sensitive data.
- Improved data security. This software will provide a substantial increase in the security of sensitive data such as student grades and information stored on faculty members laptops.
- Cost Savings. If a laptop with encryption software is lost and it is has sensitive data on it, the University does not need to notify the individuals whose information is on the laptop because the data is not compromised.
Password Reset Policy
In order to ensure the security of sensitive date, the following policy will be followed by the Support Desk when resetting a password. For normal situations, users who have forgotten their encryption password:
- Traditional identity verification will occur
- In Person: Photo ID
- Over the Phone: Verify any of the identity items required for a password reset.
- Support Desk will verify the name identified against the laptop-ownership database.(\\fp1\IS Public\Technology Learning Support Center\Pointsec)
- If they match, the Support Desk will allow the user to reset the password through the challenge/response system.
This policy has been changed from its original form
In some cases the user may not know their PointSec password because they never went through the initial setup. If a user has never been able to get past the PointSec Logon screen, have them try to login with:
- Username: firstuse
- Password: gozips1
note: After the first login with this ID, the user will be forced to create a new username/password. This "firstuse" account will no longer function. This new username and password only applies to that particular machine
Password Requirements and Expiration
Passwords expire every 120 days and need to be changed.
Note: Pointsec password and UAnetID passwords are not connected, changing one will not affect the other
Passwords are required to be at least 7 characters long, with at least one letter, one number, and one capital letter.
Pointsec will retain a history of the previous five passwords.
More information can be found here http://www.uakron.edu/its/learning/training/Encryption.php
First Use Password Expiration
As of march 1 the Pointsec firstuse account expired. The problem was fixed in the new laptop images that were copied into production today. Laptops imaged with the old image will have to have the user account created manually.
- Login to Pointsec with your admin account
- Go into the Pointsec program
- Add the user as a Pointsec user and set the password to gozips1.
- Set the password to require the user to make a new password the first time.