Computer Security and Privacy
Private information should be shared only with individuals who are required to have the information in order to fulfill their job responsibilities, i.e., on a need-to-know basis. Beyond that, you also have an obligation to protect the data.
General tips for protecting data:
- Always be aware of your surroundings, e.g., don’t discuss protected information in the cafeteria, hallway, open offices, on speakerphone, etc.
- Use e-mail wisely. Be aware that e-mail, by nature, is not secure and always think before you hit send (e.g., is this going to the correct person? Should this information be password protected? Does the person need to know this information in order to fulfill his or her job responsibilities?).
- Private information is not just what is on your computer. Printouts, reports, any piece of paper with private student or employee information must be carefully stored and disposed of (shredded). Protect the data by properly securing file cabinets and drawers, not leaving documents out on your desk while you are away and securing your office when it is not staffed.
- Refer calls or other requests for any private information to designated individuals who have had safeguards training. Recognize any fraudulent attempt to obtain customer information and report it to your department head or the appropriate college contact. A list of contacts for each of the Acts is included at the end of this brochure.
If you suspect private information is compromised, immediately contact your supervisor to determine the appropriate parties to notify. The following contacts may be helpful:
- Security Concerns: Public Safety, ext. 4112
- Campus Emergencies: ext. 4111
- Janelle Vogler, internal auditor, 913-469-8500, ext. 4574
Today’s desktop workstations must be configured and used in a secure manner for two reasons. First, it is likely that some information housed on that computer is of a sensitive, confidential or proprietary nature. Therefore, only authorized individuals should have access to it. Liability may be incurred if information is not protected using generally accepted protection methods (“due diligence”) and that information is improperly disclosed. Second, the integrity of the system (operating system, application programs and data files) is critical. Applications must operate as expected, when expected, and the data they use must be complete and correct. The following guidelines will maximize the security of your workstation:
- Your workstation should have a screensaver activated that is password-protected. The interval for activation should be between 3 and 5 minutes. This will provide adequate insurance against the walk-by use of workstations that are “up” (operating). Anyone with system administrator authority (i.e., a high security clearance) is strongly urged to comply with the lower end of this interval range. Most general users are comfortable with a 5-minute screensaver interval.
- Do not allow file sharing (“shares”) on machines without securing them to authorized users only. Make certain object, device and file access controls are appropriate.
- Ensure virus protection software is installed on your workstation and install updates on a regular basis. Updates for new viruses are generally made available every week. (Your software can be configured to be automatically updated.) Configure your virus software properly so that it actively scans all incoming objects for virus infections.
- Do not allow anonymous access of any kind (e.g., FTP, dial-up) to your workstation. Public read-only data should be shared from a server location. FTP and dial-up access to a workstation should be protected with user authentication.
- Ensure that you have adequate backups of files. Copy them to a secure server location or make floppy disk or zip drive backups and store them in a secure location.
- Keep your operating system and application software up-to-date. Updates are available from vendors on a regular basis.
- Always turn off workstations when not in use (e.g., overnight).
- Routinely change your application passwords. The recommended interval for password changes is 60-90 days. Depending on your environment and the sensitivity of the data to which you have access, more frequent changes, such as every 30 days, may be warranted.
- If you believe office keys have been lost, misplaced or stolen, recommend to your supervisor, department head or adviser that doors be re-keyed by Campus Services.
- Never execute a program (“.exe” file) if you do not know what it is/does or if you do not trust the source. This is particularly the case for files that are sent to you via e-mail or are downloaded from a Web site you do not trust.
- Investigate your workstation/drives on a regular basis to look for suspicious files. Use a naming convention for your files and a directory structure naming convention. Be sure to look for hidden files and directories.
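The routine check for hidden files, hidden directories and unfamiliar ".exe" files described in the last two guidelines can be scripted. The following is an added example, not part of the original brochure; the extension list, the 7-day "recent" window and the sample directory tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

# Extensions treated as executable here are an assumption of this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com"}

def is_hidden(path):
    if path.name.startswith("."):          # Unix convention: dot-prefixed name
        return True
    # Windows convention: the "hidden" file attribute (absent on other systems).
    attrs = getattr(path.lstat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))

def audit(root, recent_days=7, now=None):
    """Return sorted (relative_path, reasons) for entries worth a manual look."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            reasons = []
            try:
                if is_hidden(p):
                    reasons.append("hidden")
                if p.is_file() and p.suffix.lower() in EXECUTABLE_EXTS:
                    reasons.append("executable")
                    if now - p.lstat().st_mtime < recent_days * 86400:
                        reasons.append("recent")
            except OSError:                # locked or permission-denied entry
                reasons.append("unreadable")
            if reasons:
                findings.append((p.relative_to(root).as_posix(), reasons))
    return sorted(findings)

def demo():
    # Constructed sample tree: one ordinary file, one hidden directory holding
    # a fresh executable, and one executable backdated to look long-installed.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "reports").mkdir()
        (base / "reports" / "budget.txt").write_text("ok")
        (base / ".cache").mkdir()
        (base / ".cache" / "update.exe").write_bytes(b"MZ")
        old = base / "reports" / "setup.exe"
        old.write_bytes(b"MZ")
        os.utime(old, (0, 0))
        return audit(base)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit()` at a home directory or data drive and review each finding by hand; a flag means "look at this", not "this is malicious".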
For more information on protecting against spam, pop-up ads, viruses, worms, browser hijacking, adware, spyware and phishing, please click on the link below. You will need Adobe Reader to open the file.