Tip of the Month: Don't Be a Weak Link!
Keeping our sensitive information safe is vital to the mission of our university. There is more to keeping our information secure than simply protecting it from intruders, however. One of the largest causes of exposure of sensitive data is user error. This doesn’t involve somebody attempting to break into our computers, databases or offices, it is simply an employee making a mistake when happening to work with sensitive data.
Storing Sensitive Data
- If, as a part of the duties associated with your job, it is necessary to store sensitive data electronically it should never be stored on one's desktop computer. The IT Center provides a centrally funded secure server known as Knox. Knox is the appropriate location to store any sensitive data and folders are provided free of charge for appropriate use. If you or your department are interested in having a secure folder created on Knox send an email to firstname.lastname@example.org. Be sure to include a description of what you will be storing, who will be needing access, and what type of access will be needed (Read/Write or Read-Only.) You may also include a desired folder name.
- The storage of sensitive data through any other mean is discouraged. If it is necessary for any reason, however, the data should always be encrypted. This includes data stored on USB drives, laptops, etc. .
- If storing physical copies of sensitive data, such as on paper forms, reports etc. the information should never be left unprotected. Be sure that there is a secure location such as a locked drawer or cabinet that the information can be stored in to prevent unauthorized access when they are not in use.
Sharing Sensitive Data
- Data sharing should be done through Knox fileshares whenever possible. Appropriate folders with the required permissions can be set up for this express purpose. Any individuals with whom sensitive information is being shared must first be authorized by the data steward or their delegate.
- E-mail is not a secure means of communication and must never be used to transfer sensitive data.
- If Knox does not appear to be a viable method of sharing or storing sensitive data for your purposes please contact the Enterprise Security Group email@example.com for advice on an appropriate way to proceed.
- All it takes is one wrong click for sensitive data to end up in the wrong hands. Be sure that anytime you are working with or handling sensitive data that you take your time and think twice before you store it, move it or share it. Taking that time can make all of the difference in keeping our information from ending up in the wrong hands. If, while working with sensitive data at any time, you are unsure of the appropriate way to proceed never hesitate to ask a member of the Enterprise Security Group. We are here to help make your jobs easier while keeping our information safe.