How To Protect Sensitive Data

Return - 

Photo by Z on Unsplash 

Learn how you can protect your data and your students' confidential information. You'll learn about ongoing efforts to protect student confidential information. You will also learn, if you don't know already, some great ways to safeguard sensitive data.

Let's get started!

A Quick Activity Before We Start

Share a portrait of your identity using your personal or work email address. Start your portrait here, then share what you come up with in the digital bulletin board (Padlet) below.

Options for Independent Learners

I. Stats on Portable Storage Options and Encryption

II. Cost of Data Breaches in 2022-2023

III. Districts Affected and Texas Safe Harbor

IV. Encryption Tools

V. Explore Tools

VI. Scenarios and Table Talks Available

Big question, responses, and ideas about encryption tools

Give the tools a try on your own with support from facilitators

Craft a response to encryption scenarios you may encounter

The tabletop exercise is a meeting to discuss a simulated emergency situation. 

Resources and Information

Protecting Student information

You may already know that there are several state and national efforts to protect confidential student information. That's critical due to the cyber threats schools and organizations face today.

The Texas Education Agency is working to provide funding for anti-malicious activities. That is, the Texas Legislature approved funding to provide cybersecurity resources to schools through the K-12 Cybersecurity Initiative

Secure Our World. Learn how to protect your family. K-12 Cybersecurity resources are also available.

Texas School Safety Center. This website offers cyberthreat workshops via Zoom. Sessions on cyber threats and school safety are available to school district personnel. This federal government website offers cyber safety considerations for K-12 schools and districts. It highlights resources for stopping phishing and ransomware, as well as other threats.

Cybersecurity for Students via NICCS. For high school students, explore what classes to take. Also explore CyberSecurityEducation and CyberDegrees.

Office of Educational Technology. See this list of resources for K-12 school districts and higher education institutions.

Google's K-12 Cybersecurity Guide

Google's guide highlights these problems...

...and offers solutions and suggestions:

"Not only have these attacks disrupted school operations, but they also have impacted students, their families, teachers, and administrators. 

Sensitive personal information – including, student grades, medical records, documented home issues, behavioral information, and financial information – of students and employees were stolen and publicly disclosed. 

Additionally, sensitive information about school security systems was leaked online as a result of these attacks."


Safeguard Your Data

Studies show that access to encrypted communications is a human rights issue. 

End-to-end encryption make your messages…unintelligible…to snoops and interlopers. [They] can’t access what you’re saying—and neither can the company that offers the platform. People who once thought they had nothing to hide may realize that era is now over (source). 

By taking the time to carefully communicate with staff and students the importance of protecting private data, you can minimize the threat of breaches and unauthorized access (source). 

It's not hard to safeguard your data, even when it's in plain sight. You simply need to learn to encrypt files or folders using free software. You can then put those encrypted files/folders in cloud storage, USB external hard drives for backup purposes. It all starts with secure passwords you can remember or save in a password manager.

Ready to Encrypt Your Data?

Secure Passwords Are Important

Multi-Factor Authentication

Multi-factor authentication includes at least two of the following:

Authenticator Apps for Your Smartphone

2FA Authenticator: Android | iOS

Microsoft Authenticator: Android | iOS

Google Authenticator: Android | iOS

Secure Your Digital Files with encryption

Did you know that if data is encrypted and a data breach occurs, you are not obligated to report it? This is the power of data encryption and can potentially spare you and your employer from unnecessary litigation and expense. This is known as an encryption safe harbor

Texas defines a data breach in terms of sensitive personal information only if the data items are not encrypted (Source: Data Breach Charts, Baker-Hostetler). 

The concept of “Safe Harbor” refers to specific actions that an individual or an organization can take to show a good-faith effort in complying with the law. This good-faith effort provides a “Safe Harbor” against prosecution under the law (source).

A Process To Follow

A) Text Encryption

You can use a variety of text encryption solutions. These are ideal for text/email messages you might send on your smartphone, as well as via a computer.

Tool #1: Paranoia Text Encryption 

Tool #2: Browser-based Text Encryption

Activity: Share a Secret Message

B) File Encryption

Encrypting files with AES-256 can be done with a variety of tools. Here are a few you can use that are free. A few tools include:

Another video on encryption tools.

Sending Files to Others

Need to send important, sensitive tax documents to your accountant? What about confidential information to a parent? Maybe, an NWEA Map Parent Report? Emailing sensitive data as an attachment via Gmail or Outlook won't get the job done. Let's look at three possible solutions.

Option #1: Secure Email w/ Proton

(Available for individuals or organizations)

Need to share sensitive document with a family member or another person? Use a solution like Proton's mail or secure cloud storage (Proton Drive) to share files in a secure manner.

Option #2: Bitwarden Send

(Available for individuals or organizations)

Need to send a critical document to a parent or colleague but don't want to put them through the trouble of learning how to decrypt or encrypt content? Read walkthrough. Get text sharing for free, add files for $10 a year. See pricing.

Option #3: OneHub for Orgs

Need to share sensitive document with others as an enterprise solution? OneHub, a self-hosted or cloud-hosted solution, is customized for clients. Works with MS Office documents, PDFs, Google Docs, etc.

Option #4: Secure FTP for Orgs

Are you a school district or organization needing to send, or make available to a solution partner, automatically generated files (e.g. comma-delimited or CSV)? You may need a secure FTP solution. This involves creating an encrypted conduit. 

Through this encrypted conduit, unencrypted files will be transferred from a server or your computer on a nightly basis. Possible solutions include (but are not limited to): MOVEIt – Provides FTP and PGP support, AutoMate, SFTP Plus, and/or GoAnywhere Secure FTP. There are other options, such as business VPNs. Sign up for an online course to learn more.

Disclaimer: This is one video tutorial of several available. Be sure to evaluate solutions shared to find the best one for your environment.

Backup Your Data

The percentage of computer owners backing up once a day or more often is 6% in 2018,” reports BackBlaze. Other statistics from the Harris Poll, conducted each year for the last eleven years:

About People

Other Stats

Making backups can be hard because it requires a small level of technical expertise and it can take time. You have to first know how to back up. Check out questions to the right. 

What To Remember

Encrypt data before putting it in the cloud, OR put your data in an encrypted online space, such as:

From ransomware to simply human error, it's easy to lose data. That's why it's important to make regular data backups. Most people don't know how, so they tend to rely on cloud storage or nothing.  

USB External Drive

One way to avoid that is to get a USB external drive (2 terabytes is plenty. USB external drives last three to five years on average, so you may want to invest in one every three years to backup your data). You can use free tools to automate backups. 

Free Automated Backup Solution

One free automated backup solution is FileFreeSync. Watch these video tutorials to get started.

File Manager Alternative(s)

Another tool is Free Commander
(Mac alternative? MuCommander).

Take advantage of these tools, and spend the time to learn how to backup your files.

Recovering Lost Data

Accidentally deleted something on Chromebook or Google Drive? Check your trash. It's going to linger for 30 days unless you empty your trash can. But what about Windows or Mac devices? Here are a few solutions you can turn to in a pinch.

This free, open source, Windows only software offers recovery of deleted information on your local storage drives. The website claims the following:

"It finds all of the deleted files on your hard drive, flash drive or SD card and allows you to recover them. Undeletion works best if performed as soon as possible after file deletion. When you delete a file, the data is not lost - but new files being written to the hard drive may overwrite your data permanently, making recovery impossible."

Recuva (Free or $19.95)

This Windows only software offers recovery of deleted information on your local storage drives. The website claims the following:

"Recuva recovers files from your Windows computer, recycle bin, digital camera card, or MP3 player! Recuva can recover pictures, music, documents, videos, emails or any other file type you’ve lost. And it can recover from any rewriteable media you have: memory cards, external hard drives, USB sticks and more! Unlike most file recovery tools, Recuva can recover files from damaged or newly formatted drives. Greater flexibility means greater chance of recovery."

This free, open source, Mac only software offers recovery of deleted information on your local storage drives. The website claims the following:

"EaseUS Mac Undelete is the most reliable Mac undelete software, it automatically scans your hard disk to recover deleted files in a fast and secure way. Features claimed include: Quickly & completely recover deleted, formatted, inaccessible and lost data; Recover videos, photos, music, documents, emails, archives etc. from Mac hard drives and most storage devices; Preview lets you enjoy data recovery in advance."

Disk Drill (Free or $89 Pro)

This Windows, Mac, Android and iOS software offers recovery of deleted information. The website claims the following:

"Recover any file or folder or reconstruct 400+ file types with multiple recovery methods. Connect your storage device & recover data in minutes. Disk Drill supports iOS and Android recovery as well." Watch video.

Make Your Data Unrecoverable

As nice as it is to be able to recover your lost data, there are times you want that data to be unrecoverable. To make data unrecoverable, consider using one of these free, no-cost solutions. Instead of dragging data to your trash can or recycle bin on your computer, do one of these things:

How do you shred or wipe data? Use one of these no-cost tools.

Shred Tool #1: WipeFile

WipeFile deletes files and folders secure and fast. To do this, WipeFile overwrites the information completely, so there is no way to restore the files or reconstruct the file content.

WipeFile supports 14 different wipe methods, e.g. two US Navy standards, the standard of the US Department of Defense, US Air Force and the NATO.

Shred Tool #2: Freeraser

Freeraser, a new trash bin for your Windows desktop that lets you securely and definitively delete your private files. Freeraser has three deleting modes: Fast, Forced, and Ultimate. 

These modes range from lowest to highest level of security, with each requiring a proportional amount of time.

Shred Tool #3: Bleachbit

When your computer is getting full, BleachBit quickly frees disk space. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean thousands of applications including Firefox, Adobe Flash, Google Chrome, Opera, and more

Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.

Safeguarding Your Internet Browsing

Forty-nine percent of employees use their personal computers for work. Forty-two percent of work from home employees do not have antivirus protection installed.

Almost twenty percent of computers are subject to web-based malware attacks (source). 

Most school district firewalls and software can protect your school purchased device. But what about your personal devices? Fail to safeguard them, you endanger critical confidential data available via work. 

Only twenty-two percent use “enterprise-grade passwords” (source). This is in spite of the fact you can get free services like Bitwarden to assist you in password management. All these factors can make the cyber threat worse.

Protect yourself from tracking ads with one of these solutions. Malware also may use ads as delivery vehicles. While some ads are inoffensive, others are not. Use ad blockers and anti-tracking extensions to safeguard your browsing. Try any two of the following:

Ghostery. Hate it when you see Facebook advertising matching results from a Google search? Use Ghostery extension to block tracking. You can also avail yourself of their private browser and search tools.

AdblockPlus. Block annoying tracking ads with AdblockPlus. This can help prevent website launched malware from infecting your device. You can also prevent pop-ups, video ads, flash banners, and more.

Disconnect. Another anti-tracking extension you can use adopt for use. This can block unwanted tracking, as well as mask your IP address when using public Wi-Fi.

uBlock Origin. Another ad-blocking tool you can choose to use.

Bitwarden. Get a Bitwarden account (free for individuals and available for businesses and schools). Then, use the Bitwarden browser extension to store logins and access them from your phone.

Mullvad VPN and browser. Check out this multi-device, cross-platform virtual private network and web browser (Firefox based). It comes with a browser extension to better protect your internet connections. You can sign up by month (a few dollars), and renew as needed. The author is a subscriber.

Learn More

Deepen your knowledge of useful cybersecurity that prepares you to safeguard your own devices. Then, learn more about network security.

Introductory Level for Educators

Technical Support Staff