Now that we have spent a couple of months together talking about managing our knowledge and some of the online tools that are available to us, I feel like we should spend this week taking a step back and considering the safety of our information. We are all very aware of cautions we need to take to protect our privacy on social networking sites like Facebook or LinkedIn, but how many of us have considered all the other online tools we use every day?
It is easy to become complacent about our online security. Many of us have whole departments of IT professionals who are busily keeping our emails relatively clear of spam, and alerting us to possible infestations of computer viruses and worms. With our Knights in Shining IT Armor guarding our systems, it is easy to overlook other kinds of vulnerabilities that might be targeting our data instead.
Information Security with regards to cloud computing was highlighted for me recently by our Security Policy and Compliance Manager in our systems area. Our conversation was eye opening for me and resulted in a new page that I post in my research guides and discuss in my workshops and classes. And he is far from alone; in fact, Forbes has an entire section of their website devoted to latest news in Cloud Computing.
For example, I had never thought about the vulnerability of Dropbox. That wonderful tool that just automatically syncs my computer with the Dropbox files when I log in, could be vulnerable to being hijacked. All anyone needs is brief access to my account name and they could add their own computer as a new location for syncing. This would result in anything I added to my Dropbox being automatically sent to this hijacker as well. I am told it is somewhat tricky to determine all of the locations that sync to my account, so this could easily go unnoticed for some time. Now I do not put sensitive information in my Dropbox, so this is less of a concern to me. Consider however, your researchers who DO deal with sensitive information as well as data on new discoveries and possible patentable research. This could be devastating to them as well as the university should they have their data prematurely revealed. The University of Michigan has a great page that their IT folks put together on their view of data safety in cloud based storage and Google Docs. The page is very user friendly and brings up great issues for faculty and researchers alike to consider.
Then there are mobile devices. Mobile devices are often more vulnerable to security breaches and offer hackers more opportunities of access to cloud services. The most secure company computer can be derailed by just one unknowing employee syncing their infected mobile device with the secure environment. Free WiFi hot spots are also a vulnerable area; Bob Rankin did a very nice writeup on this topic on his site: “The Big Problem With Free Wifi Hotspots”. If sites you visit or email providers you use don’t encrypt their connection, then anything you send or even read could be vulnerable to being vulnerable to other eyes as well.
So should we go back to just using our mobile devices offline? No, of course not, but being aware of vulnerabilities and taking precautions such as authentication procedures using strong passwords, and cryptography for sensitive data can go a long way to making our mobile use safer. Ellyssa Kroski wrote a lovely post in January for the Open Education Database on online privacy tips for librarians.
For Further Exploration and Insight:
1. Do you know the IT policy of your university? Search it out or talk to an IT professional about possible vulnerabilities for you or your users.
2. So are Cloud Computing fears overblown? Read Emma Byrne’s three-part series in Forbes . Where do you stand on the issue?
Byrne, Emma. Forbes December 2012. Are Cloud Data Security Fears Overblown? (3 part series)
Forbes, Cloud Computing Section
Kroski, Ellyssa. iLibrarian. January 29, 2013. 10 Online Privacy Tips for Librarians
Rankin, Bob. The Big Problem With Free Wifi Hotspots
University of Michigan. Cloud Computing and Information Security.
Calendar Image courtesy of ammer/FreeDigitalPhotos.net