Security Tips #2 - Safeguarding Sensitive Data

Image Source: http://tinyurl.com/oczxgwv

Have you experienced a "phishing" attack, which is a way of "tricking" you out of your username and password for web-based services. These attacks seek to obtain the username and password of someone's email and then it spams everyone in the victim's contact list. If you are attacked, avoid clicking on links that don't make sense. If you do click the link and enter your username and password, then move quickly to change your password to prevent further unauthorized access to your accounts. 

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

PREVENTING LOSS OF SENSITIVE DATA

In this second series of tips, here are some suggestions to help you avoid being the source of a sensitive data loss. A loss of sensitive data occurs any time there is unauthorized access to school district data, including FERPA data. Lost laptops, external USB hard drives, lost USB stick/PEN/flash drives are the main causes of data breaches. 

You can help protect against data breaches--unauthorized access of student and staff confidential/sensitive data and/or personally identifiable information (PII) by following these tips:

1. Avoid discussing sensitive data in the presence of unauthorized personnel. If they are not authorized to view sensitive data, then they are not authorized to hear about it either.
2. Lock or logout of your computer when you leave it alone. Going to lunch? Going down the hall to the restroom? Make sure to secure your computer or device...don't leave it logged in, even if you're just on your web browser checking out the lunch menu. And, if you're using a mobile device, turn on passcode access and take advantage of mobile device encryption. It requires a little more time, but can save countless hours and funding in case of a breach. 
3. Never use work email for personal purchases and/or items. Aside from being "discoverable" during public records or legal proceeding (which you may not even know is happening), you should use a different, non-work email for personal finances. 
4. Avoid saving sensitive data in un-encrypted format directly to your computer, flash drives, and other storage media. Did you know that an encrypted drive or device with sensitive data on it does not count as a data breach? Avoid saving confidential information to places such as your Desktop, MyDocuments, or your hard drive; instead, create a folder with confidential data and make sure it's encrypted. If your computer/laptop/tablet is stolen, any un-encrypted sensitive data stored on your device will be accessible by the thief and anyone else who touches that device. More information on what and how to encrypt sensitive data properly is online at http://tinyurl.com/ecbesafe
5. Shred paper copies. It doesn't matter if you are all digital if a paper copy ends up stolen from your desk, car or home. Store sensitive documents in a lockable file cabinet or drawer, and make every effort to shred paper as soon as possible.

Questions? Please don't hesitate to email or call!