If you have been identified as someone who handles personal information on a routine basis, you will be required to take a short course and pass an exam that certifies you as an EKU data trustee.Taken from materials in the course, this support article explains the top 3 ways to keep data secure at EKU.
1. What happens at Eastern stays at Eastern
Moving data to some sort of external device, such as a USB Flash drive or CD-ROM is a problem when data contains personal information. Once you move files to external media, EKU loses the ability to protect this information through our network security system. In general, we suggest you adopt a “what happens here, stays here” attitude about personal information.
- Keep all personal information on the system where it was created
- If you must keep exported copies, do so on EKU network drives
- Do not use external media to transport data
- Do not use email to send confidential data
2. Keep your password secure and unique
A password is an entry key to computer systems -- a key that anyone can try to copy or guess 24 hours a day. EKU forces password restrictions and a reset schedule on some -- but not all -- systems. Make sure your passwords are difficult to guess by following these suggestions:
- Make your passwords long, at least eight characters
- Use letters, numbers and special characters
- If you have a password file, make sure it is in a secure location
3. Guard against social engineering
The social hacker takes advantage of your trusting nature to get confidential EKU data. Some guidelines for ensuring that you do not fall victim to these schemes:
- Question the assertions someone makes. If someone calls claiming to be from a certain office and you are not sure of this, make a phone call to that office. Verify that person’s credentials before you hand over information.
- If someone you do not recognize comes to your office claiming to be from another office, make a phone call to either that office or Public Safety.
- If someone claims to be a member of IT staff, a quick call to either the Helpdesk or public safety will clear this up. This has happened many times over the years, and it does not bother us at all. In fact, we are usually impressed that people care enough to check things out.
- Report any suspicious activity to your supervisor or Public Safety.
A Note about Phishing
Phishing is a special type of social engineering. See more information about phishing in this support article.