Security For Portable Computing and Media Devices

Notebook computers, USB flash drives, and other portable computing and data storage devices are often used outside of a secure office environment. This makes them particularly vulnerable to loss. As a result, extra care needs to be taken to protect these devices and any “not public” data contained on them.

Information stored on computers and other data storage devices should be securely encrypted with a strong password. To protect both the data and the equipment, the following security measures should also be considered:

• Government data should not be stored on non-government equipment such as personal computers, personal USB flash drives, and other personal devices.
• “Not public” data should only be stored on a notebook computer or other portable data storage devices when there is a business need.
• When a government computer or other data storage device is no longer needed, all internal and external storage should be securely erased and/or destroyed.
• Cable locks should be used for all computers except when in transit: when possible, computers should be physically secured in transit.
• Computers and portable data storage devices should never be left in an unattended vehicle for a prolonged period of time. If it is necessary to leave computers or other portable data storage devices in an unattended vehicle, they should be secured and hidden from view.

The State's MN.IT Services has a number of resources available for governmental entities who are drafting security policies for portable computing and media devices. To access this material, go to MN.IT’s website at:

https://mn.gov/mnit/programs/security/.

Date this Avoiding Pitfall was most recently published: 01/13/2023