Don't Forget about Temporary Internet Files

On our Information Technology Audits, one of the things we do is spot check workstations to see if it appears employees are storing nonpublic customer information in documents on their workstations.  One of the reasons we discourage storing confidential files on a user's local computer is that it helps prevent the loss of confidential data if a computer is stolen.  When looking for these files, most people know to check on the Desktop and My Documents folder.  However, there is a location where these confidential files can exist that is commonly overlooked - the user's Temporary Internet Files directory.  There are a few different ways a file with confidential information can unintentionally end up in your Temporary Internet Files. [more] One way a copy of a file can be left in the Temporary Internet Files directory is when the document is an attachment to e-mail messages and it is opened.  Another situation where a file would be saved to the Temporary Internet Files is when you download and open a file from a webpage on your local intranet or any other website. 

We recommend deleting your Temporary Internet Files everytime you logout/shutdown to avoid unintentionally storing files with confidential information on your local hard drive. There are a couple ways to do this. The most reliable way to delete the files is to setup a script that runs automatically when you logoff or shutdown the computer.  Here is a good example of a script to delete Temporary Internet Files by the Scripting Guys at Microsoft TechNet.  If for some reason you must store confidential files on a workstation then you should look into protecting the hard drive of that system with full disk encryption.

Security and Compliance Security