Unauthorized access to restricted data and sensitive data can have significant detrimental effects on individuals or the institution. There have been sizeable information security breaches at higher education institutions that resulted from the loss or theft of laptops or other portable devices and media. Desktop computers and devices also pose a significant risk due to the difficulty of providing adequate and consistent physical and network security. Overall, loss, theft, and unauthorized physical or network access account for approximately two-thirds of information security breaches.
Experience in higher education has demonstrated that an information security breach can be very costly to the affected individuals and the institution. Anti-virus software, security updates and firewalls cannot fully protect devices and media. The most effective way to reduce risk is to reduce the amount of restricted data and sensitive data that is present. Encryption reduces the risk of unauthorized access to any remaining restricted data or sensitive data.
Applies to anyone who stores restricted data or sensitive data, as defined in UW-504 Data Classification policy.