Robbery - USB backup key taken. Next steps?

Some discussions just don't fit into a well defined box. Use this forum to discuss general topics and issues revolving around the Church and the technology offerings we use and share.
jtyewhit
New Member
Posts: 29
Joined: Thu Oct 12, 2017 8:38 am

Robbery - USB backup key taken. Next steps?

Postby jtyewhit » Mon Jun 04, 2018 8:52 am

We recently had a break-in. One of the ward clerks let me know this morning that their USB backup key is missing. The one they use after submitting a tithing batch to backup finance info.

We will make that part of the police report, but what are the next steps given that I imagine the drive contains personal information and ward finance information.

russellhltn
Community Administrator
Posts: 24241
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Robbery - USB backup key taken. Next steps?

Postby russellhltn » Mon Jun 04, 2018 9:48 am

jtyewhit wrote: I imagine the drive contains personal information and ward finance information.

I'm pretty sure it's in an encrypted format, which I think in most cases negates the need to report the data loss.

But I'd call support to if there's any thing you need to do about the theft.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jtyewhit
New Member
Posts: 29
Joined: Thu Oct 12, 2017 8:38 am

Re: Robbery - USB backup key taken. Next steps?

Postby jtyewhit » Wed Jun 20, 2018 8:36 am

I contacted Salt Lake and they confirmed that the data on the USB key is not readable by anyone who doesn't access it via the MLS software.

drepouille
Senior Member
Posts: 1699
Joined: Sun Jul 01, 2007 5:06 pm
Location: Plattsmouth, NE
Contact:

Re: Robbery - USB backup key taken. Next steps?

Postby drepouille » Wed Jun 20, 2018 9:27 am

A related concern of mine is all the documents stored in the file system, outside of MLS. If you store confidential documents on the hard drive, they are readable by anyone who can login to the Windows account that created them, or by anyone with Administrator privileges, or by anyone who can move the hard drive to another system.

If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.

Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.
Dana Repouille, Plattsmouth, Nebraska

russellhltn
Community Administrator
Posts: 24241
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Robbery - USB backup key taken. Next steps?

Postby russellhltn » Wed Jun 20, 2018 10:41 am

drepouille wrote:A related concern of mine is all the documents stored in the file system, outside of MLS. If you store confidential documents on the hard drive, they are readable by anyone who can login to the Windows account that created them, or by anyone with Administrator privileges, or by anyone who can move the hard drive to another system.

If you either copy confidential documents to a flash drive, or just create and manage them directly on a flash drive, similar security concerns arise. Document encryption is possible, as long as enough folks know the passwords used for each document.

Off site storage is an option, as long as you remember to bring the flash drive to church with you. There is no perfect solution.

It's not spelled out in current policy (that I can find), but know I've seen policy that said confidential information was not to be stored on the hard drive. It had to be placed on an external drive and stored in a locked drawer when not in use.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

lajackson
Community Moderators
Posts: 7767
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: Robbery - USB backup key taken. Next steps?

Postby lajackson » Wed Jun 20, 2018 7:09 pm

russellhltn wrote:It's not spelled out in current policy (that I can find), but know I've seen policy that said confidential information was not to be stored on the hard drive. It had to be placed on an external drive and stored in a locked drawer when not in use.

Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009. The instructions may also be buried at the Help Center, but I am unable to find them there.

Under Security, it says that, other than MLS, confidential files should not be stored on the hard drive. They should be saved on external media and locked in storage when not in use.

russellhltn
Community Administrator
Posts: 24241
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Robbery - USB backup key taken. Next steps?

Postby russellhltn » Wed Jun 20, 2018 7:32 pm

lajackson wrote:Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009.

That sounds right. Some may claim it's superseded, especially since I don't think it's available on-line anymore.

I still consider it wise counsel.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

lajackson
Community Moderators
Posts: 7767
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: Robbery - USB backup key taken. Next steps?

Postby lajackson » Wed Jun 20, 2018 7:59 pm

russellhltn wrote:
lajackson wrote:Policies and Guidelines for Computers Used by Clerks for Church Record Keeping, August 2009.

That sounds right. Some may claim it's superseded, especially since I don't think it's available on-line anymore.

I am with the group that would say it is not superseded, but it would be really nice to be able to find it online. Of course, I have trouble finding the current stuff online, as well. I have never really understood why that is. It should not be that hard.

matthewmidgley
New Member
Posts: 23
Joined: Sun Oct 18, 2009 11:44 am
Location: Leeds, England
Contact:

Re: Robbery - USB backup key taken. Next steps?

Postby matthewmidgley » Thu Jun 21, 2018 11:31 pm

Is enabling BitLocker Drive Encryption an option? I would assume most units are on Windows 10 now. One of the issues however is the age of the hardware it's use on and wether they have TPM. Otherwise, another password is required and I can only imagine the chaos if it's lost or forgotten!

lajackson
Community Moderators
Posts: 7767
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Re: Robbery - USB backup key taken. Next steps?

Postby lajackson » Fri Jun 22, 2018 6:28 am

matthewmidgley wrote:Is enabling BitLocker Drive Encryption an option?

Not in the "current" (2009) policy, if you are referring to other confidential files on the hard drive.


Return to “General Discussions”

Who is online

Users browsing this forum: No registered users and 1 guest