Robbery - USB backup key taken. Next steps?

Some discussions just don't fit into a well defined box. Use this forum to discuss general topics and issues revolving around the Church and the technology offerings we use and share.
Post Reply
jtyewhit
Member
Posts: 83
Joined: Thu Oct 12, 2017 9:38 am

Robbery - USB backup key taken. Next steps?

#1

Post by jtyewhit »

We recently had a break-in. One of the ward clerks let me know this morning that their USB backup key is missing. The one they use after submitting a tithing batch to backup finance info.

We will make that part of the police report, but what are the next steps given that I imagine the drive contains personal information and ward finance information.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Robbery - USB backup key taken. Next steps?

#2

Post by russellhltn »

jtyewhit wrote: I imagine the drive contains personal information and ward finance information.
I'm pretty sure it's in an encrypted format, which I think in most cases negates the need to report the data loss.

But I'd call support to if there's any thing you need to do about the theft.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
jtyewhit
Member
Posts: 83
Joined: Thu Oct 12, 2017 9:38 am

Re: Robbery - USB backup key taken. Next steps?

#3

Post by jtyewhit »

I contacted Salt Lake and they confirmed that the data on the USB key is not readable by anyone who doesn't access it via the MLS software.
drepouille
Senior Member
Posts: 2859
Joined: Sun Jul 01, 2007 6:06 pm
Location: Plattsmouth, NE

Re: Robbery - USB backup key taken. Next steps?

#4

Post by drepouille »

A related concern of mine is all the documents stored in the file system, outside of MLS. If you store confidential documents on the hard drive, they are readable by anyone who can login to the Windows account that created them, or by anyone with Administrator privileges, or by anyone who can move the hard drive to another system.

If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.

Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.
Dana Repouille, Plattsmouth, Nebraska
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Robbery - USB backup key taken. Next steps?

#5

Post by russellhltn »

drepouille wrote:A related concern of mine is all the documents stored in the file system, outside of MLS. If you store confidential documents on the hard drive, they are readable by anyone who can login to the Windows account that created them, or by anyone with Administrator privileges, or by anyone who can move the hard drive to another system.

If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.

Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.
It's not spelled out in current policy (that I can find), but know I've seen policy that said confidential information was not to be stored on the hard drive. It had to be placed on an external drive and stored in a locked drawer when not in use.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

Re: Robbery - USB backup key taken. Next steps?

#6

Post by lajackson »

russellhltn wrote:It's not spelled out in current policy (that I can find), but know I've seen policy that said confidential information was not to be stored on the hard drive. It had to be placed on an external drive and stored in a locked drawer when not in use.
Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009. The instructions may also be buried at the Help Center, but I am unable to find them there.

Under Security, it says that, other than MLS, confidential files should not be stored on the hard drive. They should be saved on external media and locked in storage when not in use.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Robbery - USB backup key taken. Next steps?

#7

Post by russellhltn »

lajackson wrote:Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009.
That sounds right. Some may claim it's superseded, especially since I don't think it's available on-line anymore.

I still consider it wise counsel.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

Re: Robbery - USB backup key taken. Next steps?

#8

Post by lajackson »

russellhltn wrote:
lajackson wrote:Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009.
That sounds right. Some may claim it's superseded, especially since I don't think it's available on-line anymore.
I am with the group that would say it is not superseded, but it would be really nice to be able to find it online. Of course, I have trouble finding the current stuff online, as well. I have never really understood why that is. It should not be that hard.
matthewmidgley
New Member
Posts: 26
Joined: Sun Oct 18, 2009 12:44 pm
Location: Leeds, England
Contact:

Re: Robbery - USB backup key taken. Next steps?

#9

Post by matthewmidgley »

Is enabling BitLocker Drive Encryption an option? I would assume most units are on Windows 10 now. One of the issues however is the age of the hardware it's use on and wether they have TPM. Otherwise, another password is required and I can only imagine the chaos if it's lost or forgotten!
lajackson
Community Moderators
Posts: 11460
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

Re: Robbery - USB backup key taken. Next steps?

#10

Post by lajackson »

matthewmidgley wrote:Is enabling BitLocker Drive Encryption an option?
Not in the "current" (2009) policy, if you are referring to other confidential files on the hard drive.
Post Reply

Return to “General Discussions”