Skip to content. | Skip to navigation

Personal tools

How to Secure an External Hard Drive

A stand-alone computer with an emphasis placed on physical security of the computer and controlling access to the data is the most secure computing platform for your sensitive data. An external hard drive is a modified version of the stand-alone computer, in effect keeping your sensitive data off the Internet or a LAN.

The emphasis for securing the data on an external hard drive is placed on removing the computer from the network while the external hard drive is in use, controlling access to the data directory, and physically securing the hard drive in a locked cabinet when not in use.

USB "thumb/jump" drives are NOT acceptable devices for this option. USB external hard drives, Firewire external hard drives, or EIDE hard drives in a Startech-type of removable device are acceptable options.

To make this scenario work, you need to remember and do only two things:

  1. Never have the network cable and external hard drive connected to the computer at the same time.
  2. Always secure the external hard drive in a locked cabinet, drawer, or safe when not in use.

Prerequisites for placing your sensitive data on an external hard drive:

  1. You need a private, lockable office, not a student computer lab.
  2. You need your statistical analysis applications installed on your local hard drive, not on a network server.
  3. You will need a new local userid on your PC. You will not be able to use your Domain Account.
  4. You may use Windows XP or Windows 7, Mac OS X, or Linux. You may not use Windows 95, 98, or NT4.
  5. You must not move the external hard drive from the location specified in your security plan (e.g., cannot move between office and home).

Follow these steps to prepare your computer for use with your sensitive data on an external hard drive:

  1. Power down the computer, which resides in a locked room accessible by authorized personnel only.
  2. Disconnect the network cable.
  3. Connect the external hard drive.
  4. Power up the computer.
  5. Login using the local userid created for accessing your sensitive data.
  6. Create separate directories on the external hard drive for your sensitive data and your program files.
  7. Using Windows Encryption (EFS), or another suitable encryption program, encrypt your sensitive data directory on the external hard drive. (Make sure you do not encrypt your program and documentation directories. You may also make backup copies of the program and documentation directories.)
  8. Configure your analysis software to point temporary work files to the encrypted sensitive data directory on the external hard drive.
  9. Password protect your screen saver and activate after three minutes of inactivity.
  10. Install a secure erasure program. This program should be run monthly and after the secure data has been removed from the computer at the end of the contract period. (Shred 2 is inexpensive and works well.)

Follow these steps each time you use your sensitive data external hard drive:

  1. Power down the computer.
  2. Disconnect the network cable. (Creating a hardware profile that disables the network interface card is an acceptable substitute for disconnecting the network cable.)
  3. Connect the external hard drive.
  4. Power up the computer.
  5. Login using your local userid.
  6. Do not leave your computer and external hard drive unattended.
  7. Do not copy or move your sensitive data out of the secured directory on the external hard drive for any reason. 

Follow these steps when you are not using the sensitive data external hard drive:

  1. Logout.
  2. Power down the computer.
  3. Disconnect the external hard drive.
  4. Lock the external hard drive in a secure place (e.g., a file cabinet, drawer, or safe).
  5. Connect the network cable.
Form to describe your security plan