You are here: Home / Contracts / Security Plans / How to Secure an External Hard Drive

How to Secure an External Hard Drive

For one to three users who are willing to schedule time accessing the data, a stand-alone computer attached to an encrypted external hard drive with an emphasis placed on physical security of the computer and controlling access to the data can be one of the most secure computing platforms for your sensitive data. An external hard drive is a modified version of the stand-alone computer, in effect keeping the Add Health data off the Internet or a LAN, even though you may be using your main computer that is normally connected to the internet.

The emphasis for securing the data on an external hard drive is placed on removing the computer from the network while the external hard drive is in use, controlling access to the data directory, and physically securing the hard drive in a locked cabinet when not in use.

USB "thumb/jump" drives are not acceptable devices for this option. USB external hard drives, Firewire external hard drives, or EIDE hard drives in a Startech-type of removable device are acceptable options. The external hard drive must be larger than purse or pocket size. These external hard drives are sometimes classified as desktop models and must be plugged into an electrical outlet when in use.

Use of a laptop with the external hard drive is permitted, however the laptop must be secured to a desk by lock and cable.

To make this scenario work, you need remember and do only two things:

  1. Never have the network cable and external hard drive connected to the computer at the same time.
  2. Always secure the external hard drive in a locked cabinet, drawer, or safe when not in use.

Prerequisites for placing the Add Health data on an external hard drive:

  1. You need a private, lockable office, not a student computer lab.
  2. You need your statistical analysis applications installed on your local hard drive, not on a network server.
  3. You may need a new local userid on your PC, since you may not be able to use your Domain Account, unless you are able to login without an internet connection (e.g., credentials are cached).
  4. You must use an operating system that is currently being patched and supported by the vendor (e.g., Windows 7, 8.1, 10, Mac OS X, or Linux). You may not use Windows 95, 98, NT4, or XP. If you are unsure whether or not your operating system is currently supported, do an internet search on your operating system with the word "lifecycle." This should give you the vendor's timeline for supporting the operating system. For example, searching "Windows Lifecycle" shows the Microsoft page detailing the years during which their operating systems will be supported.
  5. You must not move the external hard drive from the location specified in your security plan (e.g., cannot move between office and home).

Follow these steps to prepare your computer for use with the Add Health data on an external hard drive:

  1. Power down the computer, which resides in a locked room accessible by authorized personnel only.
  2. Disconnect the network cable.
  3. Connect the external hard drive.
  4. Power up the computer.
  5. Login using the local userid created for accessing the Add Health data.
  6. Create separate directories on the external hard drive for the Add Health data and your program files.
  7. Encrypt the entire external hard drive with either Bitlocker, PGP Whole Disk Encryption, Veracrypt or another whole disk encryption program, or encrypt the sensitive data directory on the external hard drive using Windows' Encrypting File System or Veracrypt or similar encryption program. (Make sure you do not encrypt your program and documentation directories unless you are using Whole Disk Encryption.)
  8. Configure your analysis software to point temporary work files to the encrypted Add Health data directory on the external hard drive.
  9. Password protect your screen saver and activate after three minutes of inactivity.
  10. Install and periodically run a secure erasure program. This program should be run monthly and after the secure data has been removed from the computer at the end of the contract period. (Heidi is free and works well. SDELETE also works well and can be scripted.) 

Follow these steps each time you use the Add Health data external hard drive:

  1. Power down the computer.
  2. Disconnect the network cable. (Creating a hardware profile that disables the network interface card is an acceptable substitute for disconnecting the network cable.)
  3. Connect the external hard drive.
  4. Power up the computer.
  5. Login using your local userid.
  6. Do not leave your computer and external hard drive unattended.
  7. Do not copy or move the Add Health data out of the secured directory on the external hard drive for any reason. 

Follow these steps when you are not using the Add Health data external hard drive:

  1. Logout.
  2. Power down the computer.
  3. Disconnect the external hard drive.
  4. Lock the external hard drive in a secure place (e.g., a file cabinet, drawer, or safe).
  5. Connect the network cable.

Form to describe your security plan

 

CPC Home