Information Security Blog

To receive notification about new blog entries, follow SoM_ISO on Twitter

A Reminder about the Importance of Passwords and Encryption

Posted 5:49 PM, February 3, 2011, by eamsel


Password, PIN codes, and security questions may feel like time-wasting nuisances, but that couldn't be further from the truth. These vital nuggets of secret information, when paired with encryption technology, keep patient and other restricted information safe. Without these protections in place, a lost or stolen device leads to an immense amount of time spent investigating, reviewing files, and notifying affected individuals - much more time than would be spent entering passwords.

Encryption and passwords go hand in hand. One without the other provides no protection. And remember, giving out your password is just like removing it. Never share your password with anyone, even if they appear to work for the technology group. The various Stanford technology groups will never ask you to reveal your passwords.

These same rules apply to smartphones (Blackberry, iPhone, Android, etc.) and tablets (iPad). Only devices that are encrypted and password-protected can be used to access or store patient or other restricted information (see http://securecomputing.stanford.edu/dataclass_chart.html for more information about what constitutes "restricted" information). The Stanford email system frequently contains restricted information and consequently, should only be accessed on encrypted and password-protected devices. At this time, only Blackberry, recent iPhones (3GS and 4) and iPad have encryption. Smartphones and tablets without encryption should have passwords in place and must only access campus email and calendar through mobile webmail (https://webmail.stanford.edu ), which doesn't download information onto the device.

Remember, failing to properly protect your devices and passwords places you, the institution, patients, and research subjects at risk.

More information about securing your devices can be found on the Information Security Services website (http://irtsecurity.stanford.edu/).

Stanford Medicine Resources:

Footer Links: