We recently had a break-in. One of the ward clerks let me know this morning that their USB backup key is missing. The one they use after submitting a tithing batch to backup finance info.
We will make that part of the police report, but what are the next steps given that I imagine the drive contains personal information and ward finance information.
Robbery - USB backup key taken. Next steps?
-
russellhltn
- Community Administrator
- Posts: 33322
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Robbery - USB backup key taken. Next steps?
I'm pretty sure it's in an encrypted format, which I think in most cases negates the need to report the data loss.jtyewhit wrote: I imagine the drive contains personal information and ward finance information.
But I'd call support to if there's any thing you need to do about the theft.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
Re: Robbery - USB backup key taken. Next steps?
I contacted Salt Lake and they confirmed that the data on the USB key is not readable by anyone who doesn't access it via the MLS software.
-
drepouille
- Senior Member
- Posts: 2852
- Joined: Sun Jul 01, 2007 6:06 pm
- Location: Plattsmouth, NE
Re: Robbery - USB backup key taken. Next steps?
A related concern of mine is all the documents stored in the file system, outside of MLS. If you store confidential documents on the hard drive, they are readable by anyone who can login to the Windows account that created them, or by anyone with Administrator privileges, or by anyone who can move the hard drive to another system.
If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.
Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.
If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.
Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.
Dana Repouille, Plattsmouth, Nebraska
-
russellhltn
- Community Administrator
- Posts: 33322
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Robbery - USB backup key taken. Next steps?
It's not spelled out in current policy (that I can find), but know I've seen policy that said confidential information was not to be stored on the hard drive. It had to be placed on an external drive and stored in a locked drawer when not in use.drepouille wrote:A related concern of mine is all the documents stored in the file system, outside of MLS. If you store confidential documents on the hard drive, they are readable by anyone who can login to the Windows account that created them, or by anyone with Administrator privileges, or by anyone who can move the hard drive to another system.
If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.
Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
Re: Robbery - USB backup key taken. Next steps?
Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009. The instructions may also be buried at the Help Center, but I am unable to find them there.russellhltn wrote:It's not spelled out in current policy (that I can find), but know I've seen policy that said confidential information was not to be stored on the hard drive. It had to be placed on an external drive and stored in a locked drawer when not in use.
Under Security, it says that, other than MLS, confidential files should not be stored on the hard drive. They should be saved on external media and locked in storage when not in use.
-
russellhltn
- Community Administrator
- Posts: 33322
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Robbery - USB backup key taken. Next steps?
That sounds right. Some may claim it's superseded, especially since I don't think it's available on-line anymore.lajackson wrote:Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009.
I still consider it wise counsel.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
Re: Robbery - USB backup key taken. Next steps?
I am with the group that would say it is not superseded, but it would be really nice to be able to find it online. Of course, I have trouble finding the current stuff online, as well. I have never really understood why that is. It should not be that hard.russellhltn wrote:That sounds right. Some may claim it's superseded, especially since I don't think it's available on-line anymore.lajackson wrote:Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009.
-
matthewmidgley
- New Member
- Posts: 26
- Joined: Sun Oct 18, 2009 12:44 pm
- Location: Leeds, England
- Contact:
Re: Robbery - USB backup key taken. Next steps?
Is enabling BitLocker Drive Encryption an option? I would assume most units are on Windows 10 now. One of the issues however is the age of the hardware it's use on and wether they have TPM. Otherwise, another password is required and I can only imagine the chaos if it's lost or forgotten!
Re: Robbery - USB backup key taken. Next steps?
Not in the "current" (2009) policy, if you are referring to other confidential files on the hard drive.matthewmidgley wrote:Is enabling BitLocker Drive Encryption an option?