| Good security practices help protect privacy Thanks to computers and the Internet, it is easier than ever to access and share information. Unfortunately, such convenience can cause problems when sensitive information is exposed to unauthorized viewers. Years ago network security staff were more concerned about hackers, but today there is just as much to fear from data that is simply exposed unintentionally. Each semester colleges and universities around the country report data breaches that are often caused by stolen laptops, viruses, spyware, and transmissions over networks that are not secure. Thanks to laptops, removable storage media, e-mail, and other technologies, information is extremely portable today. A few years ago you needed a specific software application running on a private network to access personal AU-related information. Now you can access personal financial and academic information from computers on public networks and even from cellular phones or other handheld devices. There are a few simple precautions you can take to ensure that your personal information is not unintentionally exposed. Think about the sensitive information you have access to, whether it is your own personal information or that of others. Consider all of the ways you access, use, and share this information. Sensitive information stored in a document, spreadsheet, or other file format should never be kept on a laptop computer or removable storage device like a USB flash drive. Save these files to your personal network drive (G: Drive) instead. You will still have access to these files from off campus as long as you have an Internet connection. If you must store sensitive information on portable devices for university business, use encryption built into applications like Microsoft Word and Excel. Both of these applications allow you to enter a password and an encryption type by selecting “Options” from the “Tools” menu and then selecting the “Security” tab. Keep in mind, however, that if you forget the password to your encrypted files, you will lose the files. OIT will not be able to recover passwords that you set on individual files. Sharing files via e-mail, over a public network, or even in print can also put them at risk. Never transmit sensitive information via non-AU e-mail accounts such as HotMail, GMail, or AOL. Sensitive paper documents should be handled carefully and shredded as soon as they are no longer needed. Sensitive files that are no longer needed should also be deleted. Change your passwords every 90 days in compliance with university requirements, and never log in to sensitive accounts using a publicly accessible computer. It is also important to keep all computers you use at home or at work up-to-date with security patches, antivirus protection, and a personal firewall. Never give out your username and password to others, and never share sensitive information with those who have not been approved for such access. If you are aware of any type of security breach or unintentional exposure of sensitive information, report it immediately to cio@american.edu. If you have any security related questions, need to share sensitive information with non-AU individuals, or need to access sensitive information from off campus over a public network, please contact the Help Desk for assistance at 885-2550 or helpdesk@american.edu. The AU Information Technology Security Policy, and the Computer Use and Copyright Policy can be found at http://help.american.edu under the “Policies” section. |
