October is National Cybersecurity Awareness Month. This annual event is designed to educate and empower people to use the Internet safely and securely. Take a closer look at this article with tips on how you can increase your online knowledge and safety.
We all have a responsibility to know basic information security protections to safeguard data and prevent those data from being mishandled:
- Update your computing devices: Ensure updates to your operating system, web browser and applications are being performed on all personal and institution-issued devices. If prompted to update your device, don’t hesitate—do it immediately.
- Enable two-factor authentication: Whether for personal use or work, two-factor authentication can prevent unauthorized access even if your login credentials are stolen or lost.
- Create really strong and unique passwords: Create unique passwords for all personal and work accounts. In today's environment, one of the best ways to create a really strong password is to use a password manager for all of your accounts. A password manager will alleviate the burden of having to memorize all the different complex passwords you've created by managing them all in one “vault” and locking that vault with a single master password.
- Protect your devices: Using biometrics or six-digit passcodes on smartphones and tablets is critical to keeping curious minds from accessing personal information, work email or retail/banking applications. It also helps protect your device if you lose or misplace it.
- Understand where, how and to whom you are sending data: Many breaches occur because of “oops moments” where we accidentally post sensitive information publicly, mishandle or send it to the wrong party via publishing online, or send sensitive information in an email to the wrong person. Taking care to know how you are transmitting or posting data is critical.
Getting ready to send data to a vendor or sign a contract? With more and more services moving to the cloud, higher education institutions have an additional obligation to ensure that third parties are protecting our most sensitive information. If you or your department is looking to purchase or adopt a service or technology that uses institutional data, it is imperative that you include information technology at the beginning of the project or contract process to help ensure that data are properly protected. To determine whether or not IT should be involved in the vendor/contract process, ask yourself the following questions:
- Does the project (and in-scope technologies) involve the handling or storage of personal data (e.g., student data, employee data, donor data, research data or financial data)?
- Does the project (and in-scope technologies) involve the handling or storage of personal data that is regulated by government entities or has special contractual obligations to a third party (e.g., contract sponsored for research)?
- Is there a transfer of any institutional data from an institution-owned system or device to a third-party vendor-contracted system or device?
- Does the project involve acquiring/implementing/developing software, services or components that your institution has not previously deployed?
- Does the project involve providing a new data feed to an existing campus partner?
- Does the project involve accepting card payments in any way?
If the answer to any of the above questions is “yes,” collaborate with your IT department at the beginning of the project to ensure that institutional data are properly protected.
© 2018 Chad Tracy. The text of this work is licensed under a Creative Commons BY 4.0 International License.