CSI_Data_Security

<% l2newheader %>

CSI Computer Data Security

Computer users at the College of Southern Idaho (CSI) have responsibility to safeguard the information stored and used on their systems, and limit liability due to theft or loss to the fullest extent possible. The purpose of this document is to provide guidelines and recommendations to do so.

Data Protection

CSI Information Technology Services (ITS) strongly encourages its computer users to protect the data they store and access. Particular attention should be afforded to sensitive data. Sensitive data may include any of the following:

Personal info on individuals, including donors, volunteers, alumni, friends, faculty, students, attendees, and staff. FERPA applicable information qualifies as sensitive data.
Confidential data that contains demographic, biographic, gift, membership, employment, academic, admissions, or financial information associated with a specific individual.

For users who must store sensitive data on their laptop:

ITS strongly recommends disk encryption software for any laptop that will be used for storing restricted or sensitive personal information. Please contact the Helpdesk x6311 to learn more about getting your laptop data encrypted.

General data protection guidelines

Setup a screen saver password. This prevents unauthorized access to your computer when you step away from your desk. We recommend enabling the screen saver to kick in after 10 minutes of inactivity.
Lock the Door. Keep the location of where your computer resides locked when you are away from your desk.
Protect Removable Media such as USB thumb drives or external hard drives. Encrypt the media if it contains any sensitive data.
Shred your printouts. Shred any papers that may contain sensitive data, such as class rosters, class schedules or other information.
Use caution in your Internet browsing. Many web sites look innocent but secretly download spyware, trojans and keyloggers on your system. Internet gaming, pornographic, and peer to peer file sharing sites are notorious for “drive by” downloads. Be cautious with other sites as well: a major nationwide retailer was recently cited for pushing tracking spyware onto customer computers. Programs such as McAfee’s Site Advisor (http://www.siteadvisor.com) assist Internet users by identifying rogue websites.
Do not share your passwords. Don’t post your password(s) where others may see them. Do not allow workstudies to get on the system using your credentials.
Do not allow students or family members (including children) to use your office computer. Too often visitors are given unauthorized access to your office computer. This puts your computer, the files it contains, and the network in jeopardy. We receive many service calls asking us to clean spyware and viruses off computers where unauthorized users have downloaded rogue software.
Power off of your PC at the end of the day. This helps prevent unauthorized intruders from accessing your files and the network using your credentials.
Perform regular backups. Backup your My Documents folder regularly. Because of space limitations, we do not recommend you backup to the network. Use a USB hard drive or USB thumb drive instead. If you use a backup drive, do not keep it near your computer. Instead, store it in a secure location, such as a locked cabinet.

Additional guidelines for securing your laptop:

· Protect Confidential data: Do not download confidential data to your laptop unless you need to work on it. If the data resides on the network, leave it there – don’t copy it to your local drive.

· Encrypt your hard drive: By encrypting your hard drive, you add another layer of data protection. Even if someone gains access to your laptop, they can't decrypt the files to see your information. Please contact the Helpdesk x6311 about getting your hard drive encrypted. This protects you, the College and our students in the event of loss or theft. The cost of encrypting the hard drive is small compared to the value of the data.

· Use wireless with caution: Wireless connections are notoriously insecure and easy for bad guys to sniff. This is true for wireless connections anywhere - in airports, hotels, conference rooms, Internet cafés, even at the College of Southern Idaho.

Traveling guidelines with a laptop:

	Avoid using computer bags: Computer bags can make it obvious that you're carrying a laptop. Instead, try toting your laptop in something more common like a padded briefcase or suitcase.
	Never leave access numbers or passwords in your carrying case: Keeping your password with your laptop is like keeping the keys in the car. Without your password or important access numbers it will be more difficult for a thief to access your personal and corporate information.
	Carry your laptop with you: Always take your laptop on the plane or train rather then checking it with your luggage. It's easy to lose luggage and it's just as easy to lose your laptop. If you're traveling by car, keep your laptop out of sight. For example, lock it in the trunk when you're not using it.

	Keep your eye on your laptop: When you go through airport security don't lose sight of your bag. Hold your bag until the person in front of you has gone through the metal detector. Many bags look alike and yours can easily be lost in the shuffle.
	Avoid setting your laptop on the floor: Putting your laptop on the floor is an easy way to forget or lose track of it. If you have to set it down, try to place it between your feet or against your leg (so you're always aware it's there).
	Buy a laptop security device: If you need to leave your laptop in a room or at your desk, use a laptop security cable to securely attach it to a heavy chair, table, or desk. The cable makes it more difficult for someone to take your laptop. There are also programs that will report the location of a stolen laptop. They work when the laptop connects to the Internet, and can report the laptop's exact physical location.
	Use a screen guard: These guards help prevent people from peeking over your shoulder as you work on sensitive information in a public place. This is especially helpful when you're traveling or need to work in a crowded area. This screen guard from Secure-It is just one example of a screen guard you could use.
	Try not to leave your laptop in your hotel room or with the front desk: Too many things have been lost in hotel rooms and may not be completely secure. If you must leave your laptop in your room, put the "do not disturb" sign on the door.