Skip to end of metadata
Go to start of metadata

Desktop Security

Scope

The College's Information Security Team currently has a policy on confidentiality, in draft form, that does not permit confidential data to be stored on individual staff computers or any type of removable media such as, USB thumb drives, CDs, DVDs, tapes, etc. without the express authorization from the Chief Information Officer. The policy also requires employees storing confidential data on college servers to remove files containing confidential data when no longer needed.

Policy

Files that contain social security numbers and other private information must be deleted from your laptop or desktop computer. It is acceptible to delete the portions of each file that has confidential data. They may not be backed up to removable media. If you are currently storing private information on the College servers, delete files no longer needed and make sure those remaining are stored in a place with restricted access. Strengthen the security of the documents on the College servers by password protecting the files. MS Office provides file-level password protection.

Scanning for Sensitive Data on your Computer

CIT recommends utilizing the Spider scanning tool to identify documents that may contain personal data.

Reference: software.geneseo.edu

Reference: Self Help Instructions (Macintosh)

Reference: Self Help Instructions (Windows)

Note that no perfect SSN scanning tool currently exists. This tool will generate both false positives and false negatives. False positives are files that it thinks includes SSNs which in reality are just a sequence of digits used for some other purpose. False negatives are files it fails to identify which really do include SSNs. The "scan results" will hopefully give you something that helps jog your memory regarding folders and files where SSNs may be stored. Ultimately it is your personal responsibility to insure that SSNs are removed from your computer.

Antivirus Software

An unfortunate reality of modern computing is the computer virus. Malicious software is prevalent from the office to the home computer. To deal with this an antivirus program must be used and kept up to date. SUNY Geneseo uses Symantec Antivirus and has automatically programmed it to regularly check for updates. All SUNY Geneseo Windows computers are required to have an antivirus program on it. While Apple computers are advertised to not have virus risk, Symantec Antivirus is also available for the Macintosh OS.

Good Passwords

Anyone can steal your Geneseo identity. Good password security is important. There are people in the world who crack passwords and use your account to protect their identity in conducting unsavory business such as sending SPAM emails. In recent months, we have had a handful of Geneseo accounts compromised.

Your Geneseo password is the key to many systems containing your personal information. The following are some common rules for secure passwords.

  • Change your password at least every 90 days.
  • Do not use any personal information (birthday, license plate, SSN).
  • Do not use any word that is a name or word in the dictionary.
  • Do not use your Geneseo password for other online accounts.
  • Never write your password down.
  • Never share your password with anyone.
  • Use at least eight characters with a mix of letters, numbers, and special characters
    • Replace letters with numbers and/or characters (for example $ for s, @ for a, 0 for o, 3 for e).
    • Take a phrase or sentence and use the first letter of each word.

While CIT is always taking steps to improve network security, your password is ultimately your responsibility.

Filevault and full disc encryption

Encrypting your data is a good way to keep it safe. Persons with any sensitive information on their computer should consider using an encryption method to keep their files secure. Windows allows users to encrypt any directory. Macs have a feature known as File Vault that will encrypt the home directory. Other products also exist that will encrypt the entire disk drive on the hardware level. As with any encryption, it is very important to never loose the password or it would be impossible to access that data without it.

Locking the screen

Leaving a computer unattended allowes anyone with physical access to that computer to access anything the person logged in had access to. All modern operating systems allow for the computer's screen to lock when the computer goes to sleep or the screen saver has been activated. When someone attempts to use the computer they would have to enter the user's password to access anything.

Trust No One

It has been said that one the internet "you are milliseconds away from every creep on the net." That being said a person surfing the net should take some care in surfing and be aware of what they are doing. Some common viruses pose as fake antivirus programs offering free scans and other services. Downloading anything from sites that you do not trust and do not know is like inviting a questionable character into your living room.

Reference: Geneseo Software Website

Reference: A Beginners Guide to Encryption

Policy: Laptop Encryption Policy

Contact

Sue Chichester
CIO & Director, Computing & Information Technology
sue@geneseo.edu

 

Effective Date: September 2010
Last Updated: September 2010

  • No labels