Most of us deal with sensitive information. This may be our own personal information or confidential information about staff, faculty, students, donors, or alumni. This information can be stored in Moodle, Novell, Datatel, but we also store information in Excel, Word, and Access.
July 2006, the Cabinet, approved Appendix B of the Policy on Responsible Use of Technology that covers “Information Security: Ownership, Right to Use, and Protection of Information”.
There are 3 major areas covered by Appendix B:
- Protecting confidential information on electronic devices
- Protecting printed confidential information
- Protecting confidential information in e-mail/IM
Each of us has a responsibility
In the age of identity theft, we must be sure that any confidential information we have access to is protected against theft. That means that we are responsible not only for the protection of our own identity information, but also for the protection of the confidential information that we have access to.
It is important that each of us consider what could happen to the confidential information we work with in the event that it is lost, stolen from our possession or that our password is compromised.
What kind of information are we talking about?
This information can include but is not exclusive of:
- Social security numbers
- Phone numbers
- Salary and wage information
- Sensitive correspondence
- Legal documents
- Health and disability information
- Credit card and bank account information
What are your responsibilities in protecting confidential information?
- Use a strong passphrase or password.
- Lock your computer with a screen saver password.
- Shut down your computer down at night.
- Shield your computer screen from displaying confidential information.
- Protect printed confidential information.
- Only use secure connections when sending confidential information over the Internet or by e-mail.
- Store confidential information is a protected area. Protect confidential information stored on any portable electronic medium (such as laptop, CD, DVD, or USB drive)
What are CIT's responsibilities in protecting confidential information?
- Remove confidential information when computers or electronic media containing confidential information are disposed of or redeployed.
- Protect access to Calvin servers by use of firewalls and other authentication methods.
- Provide encryption for your portable electronic devices.
Where the data is stored matters!
While information stored in Colleague, KnightVision, Novell is secured by a passphrase, information stored in stored on your local hard drive or any portable electronic device needs to protected using encryption. Please contact the HelpDesk for information on encrypting portable electronic devices. Here are some considerations for various portable devices:
- Laptops can be stolen from your home or office or while you travel. If stolen, you not only lose the computer, but all data on it is now in the possession of someone who isn't authorized to have that information.
- Desktops can be stolen from your office. It is unfortunate, but Calvin has several desktop computers stolen every year. In addition, someone could steal information from your hard drive when you are not there and you probably would never know it happened.
- USB Memory Keys are very popular and are very easy to lose. What information are you putting on your USB memory key that should not be seen by others?
- CDs: Some of us regularly burn copies of our files onto a CD for portability and/or for backups. If you store data on a CD sure you keep it in a safe place. Before throwing a CD away be sure you destroy it before disposing of it. The best way to destroy a CD is to take a key or other sharp object and scratch the surface thoroughly.
- PDAs such as Palm Pilots are being used more frequently for storing more information than appointments. Software like Documents to go lets you copy an Excel or Word file to your PDA. If your PDA is lost or stolen any data on it is at risk as well. You should consider using a power-on password. In the same way, take care to password-protect your cell phone.
In general, any portable storage device or storage media can be lost or stolen. It is important that each person be aware of what personal information (yours and others') is stored on such devices and take appropriate steps to reduce the risk of identity theft.