The Information Technology department plans to scan all College-owned desktop and laptop computers in the coming months.

In response to the theft of a laptop computer from the office of a faculty member on February 27—the second theft in one year of a Metro State laptop containing personnel information—IT is implementing increased security measures.

IT Interim Vice President George Middlemist said that the College has not received any reports of identity theft related to the recently stolen laptop, which contained 988 student Social Security Numbers. Nevertheless, identity theft remains a concern, particularly regarding personally identifiable information that might remain on other College computers.

Employees urged to self-scan computers
Middlemist is requesting that all faculty and staff review their computers for this type of information. “Everyone should pay close attention to class rosters created before the 2003 spring semester and any other lists of student or employee information created before October 2002,” Middlemist said, adding that these files should be deleted immediately if found.

Middlemist suggests the program Cornell Spider for scanning computers to identify files that may contain confidential data (http://www.cit.cornell.edu/computer/security/tools/) and Eraser 5.82 to delete data from a Windows operating system (http://sourceforge.net/project/showfiles.php?group_id=37015).

While requesting that faculty and staff perform self-scans on College computers, IT is implementing additional security measures, including scanning all college-owned desktop computers and escalating the process of encrypting college-owned laptops, begun after the 2006 laptop theft.

IT to scan all desktops
Beginning Wednesday, April 4, IT will scan all desktop computers that are connected to the College’s network for number sequences that appear to be Social Security or credit card information. IT will not remotely remove any data. IT will contact all employees after the scanning has been completed and, if IT identifies any potential confidential information, request removal of the information within two weeks. IT will rescan all computers found to have confidential information, to ensure that the information is removed.

IT and consultant to scan and encrypt all laptops
IT will employ an external consultant to help expedite the process of scanning and encrypting all College-owned laptops, a process scheduled to be completed by the end of this semester.

The College adopted a policy on Feb.19 that forbids the storing of Social Security or credit card numbers on mobile computing devices such as laptops, thumb drives or PDAs. The full policy can be found at http://www.mscd.edu/~infotech/policies.

To read about the two laptop thefts or the steps taken by IT to address security issues, go to http://www.mscd.edu/securityalert/recent_news.htm.