Why protect data?
We, as employees of UND, have a legal obligation (governed by laws like HIPAA and FERPA) and an ethical obligation to protect the personal information of our students, faculty, and staff, and also to protect all confidential information entrusted to us. See the NDUS Data Classification Standard for the types of data that are considered confidential and therefore should be protected. Breaches or unauthorized disclosure of confidential information could have serious implications for UND and our community members, including financial losses, damage to the University’s reputation, loss of grants, and identity theft.
What can I do to protect data?
There are many things you can do to protect data, but here are the top 10.
1. Foster a security-minded culture. Follow the advice in this article, and encourage your co-workers to do the same.
2. Stop collecting and storing data unnecessarily. If you don’t need to collect and store sensitive information, don’t. If you have a departmental form or process that asks for Social Security Numbers (SSNs), student IDs, or employee IDs, and you don’t really need that information, don’t ask for it.
3. Don’t store sensitive data on your personal computers (especially laptops). If your department has a file server available to you, store your data on that server. Storing sensitive data on laptops is especially risky, since laptops are more likely to be lost or stolen. You should also identify and remove all unnecessary files from your computer, especially files that contain SSNs, credit card numbers, driver’s license numbers, research data, or other confidential information. You should consider installing and running Spider on your computer. It is an open source (free) software application developed at Cornell which can scan your computer and find files containing sensitive information.
4. If you must store sensitive data on your laptop, consider encrypting it. Talk to your local IT support personnel, or the IT Security Officer, about options (and risks) for encrypting data on your PC and mobile devices (like laptops, PDAs and USB drives). Encryption is a method of transforming your data so that it becomes unreadable by others, and only you have the key, typically a password, to make it readable again. The main risk is that if you lose or forget this password, you will never be able to read the data again. Windows 7 and 8 have a free encryption program built in called BitLocker, and Mac OS X includes a free encryption program called FileVault. Microsoft Office documents can be encrypted with the built-in encryption functionality. There are also a few open source encryption products available such as GnuPG, GnuPG for Windows and TrueCrypt. For more information on encryption, visit the encryption page on the IT Security website.
5. Protect the paper documents. Don’t forget about the paper printouts, forms, or other documents you may be saving that have sensitive data on them. You should dispose of these documents according to UND’s Records Retention Schedule when you no longer need them, and make sure they are properly shredded or destroyed.
6. Understand email security. You should never send sensitive information through email unless it is encrypted. By default, email is not a secure transmission method, and this information could be intercepted and read. Also, be suspicious of emails with attachments. Email attachments are a common method to deliver viruses and other malicious programs. If you are not expecting an attachment or the email looks suspicious, check with the sender prior to opening the attachment to make sure it is legitimate, or, even better, just delete the email. Finally, don’t fall prey to phishing attempts. Phishing is when someone sends you an email pretending to be someone you trust and asks you to provide sensitive information, such as a password or credit card number. More information on phishing can be found at OnGuardOnline’s phishing page.
7. Use updated antivirus software. Antivirus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your computer. Antivirus software works by scanning your computer and your incoming email for viruses, and then deleting them. You need to make sure to keep your antivirus software up to date with the latest signature files in order for it to be effective. The good news about antivirus software is that it is available for free for you to download and use on both your work and home computers. More information is available on the Antivirus page.
8. Keep your operating system up-to-date. Operating systems should be set to automatically retrieve and install patches for you. Doing this will help to make sure your computer is not vulnerable to an attack. Here is a tutorial for turning on automatic updates for Windows. Here is a tutorial for turning on automatic updates for Mac OS X.
9. Use a personal firewall. Firewalls help keep hackers from accessing your computer to delete information, to crash your computer, or to steal information without your permission. While antivirus software scans email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications from and to sources you don't permit. Here is a tutorial for turning on the Windows built-in firewall. Here is a tutorial for turning on the Mac OS X built-in firewall.
10. Secure your accounts. Make sure your passwords are strong. Combine capital and lowercase letters with numbers and symbols to create a more secure password. The longer the password, the better. Consider using a passphrase – a sentence of words (combining them with numbers, symbols and uppercase letters makes them even stronger). Look for protection for your online accounts beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.