part 2 of evil lurking in websites data security at the university of wisconsin oshkosh
TRANSCRIPT
Part 2 of Evil Lurking in Websites
Data Security at the University of Wisconsin
Oshkosh
How Do We Protect the Data?
• What Data are We Protecting? How We Classify University Data
• Who Is Responsible for Protecting the Data?
• Our Top 10 Recommendations for Data Protection
UW Oshkosh Data Classifications
Data Security: It Takes the Whole University Community
Security Officer and IT staff in Academic Computing, Administrative Computing and Networking
Technical Solutions such as firewalls, virus protection, Websense, Identity Finder
Data Classifications with alternatives for storage and usage
IT cannot do data security alone! Securing the Human!
User Awareness is Essential
• Security Advisory Group – Website, etc.• Demonstrations - What You Just Saw• Top 10 Tips/Guidelines for UW Oshkosh
Community
Top 10 Ways to Protect Confidential Data: # 1
1. Store confidential data only on departmental shared drives.
• Do not store it on your desktop• Do not store it on personal devices• Do not store it on Google drive• Do not store it in Titan Files• Do not store it on public web sites• Do not email it• Do not store it in a dropbox
Top 10 Ways to Protect Confidential Data: # 2
2. If your computer accesses confidential data, do not shop or access news or social media for personal purposes.
• Issues with shopping• Issues with news sites and social media• If there are business purposes for these
activities, ideal solution is isolated, restricted workstations.
Top 10 Ways to Protect Confidential Data: # 3
3: Avoid phishing attempts. • What is phishing?• Think before you click on links in email
messages. • Beware of links that look legitimate but are
not (e.g. ebay.something.com). • Do not respond to emailed (or phoned or in-
person) requests for your login information or passwords.
Top 10 Ways to Protect Confidential Data: # 4
4: Practice good password hygiene.• Do not share passwords with anyone. • Use strong passwords (not things that
anyone could know about you like your birthday or your pet's name and mix case, letters, numbers and symbols).
• Try not write passwords down; if you must, store in locked location.
• Password protect your mobile devices.
Top 10 Ways to Protect Confidential Data: # 55. Lock your computer when you are
not at your desk. • For Microsoft Windows, click Control_Alt_Delete
and select "Lock this Computer.") Or click the Windows Symbol and L.
• For Mac OS X, set your screen saver to require a password via the System Preferences "Security and Privacy panel; then in the "Desktop & Screen Saver" panel, under "Screen Saver," use the "Hot Corners" button to turn on your screen saver by moving your mouse to one of your desktop corners.
Top 10 Ways to Protect Confidential Data: # 6
6. Do not install non-work related software on your university computer.
• Do not install games on your computer.
• Do not share your computer with anyone.
Top 10 Ways to Protect Confidential Data: # 7
7. Do not access or store confidential or sensitive data in databases that are not secured or encrypted.
• Are these databases really needed? Can a larger system give you needed info more securely?
• If needed, how and where can these databases be stored?
• If in doubt, contact the Help Desk.
Top 10 Ways to Protect Confidential Data: # 8
8. Make sure that the virus protection on your computer is current and pay attention to results of scan.
• Scan does not solve problem, it simply identifies the problem
• If you notice any problems after scan (even if quarantined) , always contact the Help Desk!
Top 10 Ways to Protect Confidential Data: # 9
9. Manage your accounts responsibly.• Everyone should only have the access
needed for his/her job.• If you are a supervisor, make sure staff
accounts are appropriate and that accounts are locked when staff retire, resign or transfer.
Top 10 Ways to Protect Confidential Data: # 1010. If you must access confidential
University data from off- campus, contact the Help Desk for options.• Only with University owned computers • Obtain Supervisor’s approval and contact
the Help Desk for options such as VPN if using shared directories
• Never let anyone else off-campus use the University owned computer
• Follow Tips 1-9 with this computer (only as safe as computer is clean)
Conclusion
• Questions?• Thank you!
• Contact Information• Richard Montano [email protected]• Julie Wilkinson [email protected]