MSU-Northern ITS: IT Security

Information Technology Services: Data Security

All University employees and/or persons with access to University data have a responsibility to respect the highest level of privacy for all members of the University community.

Consider what information you store & where you store it

Do not store personally-identifiable information (PII) about others on either desktop computers, or any portable media (such as laptops, flashdrives, etc), even though it may be convenient to do so. The convenience of having the information is not be worth the risk of exposing someone else's identity to theft, and exposing you and the University to the liability and bad publicity that may follow.
Do not store sensitive information on web servers or other machines that are open to the public. Web servers draw outside users, and provide security holes if they are not constantly patched and kept up-to-date.

Protect information stored electronically

Leave data on the server. Avoid copying or downloading sensitive data from the University's administrative systems to your desktop computer, laptop, web server, PDA, etc. unless absolutely required. Make sure you have permission from your department administrator before downloading.
Do not send unencrypted sensitive data via email. Email messages can be intercepted by third parties.
Lock your office doors if no one from your department will be in the office. Protect printed sensitive data in a locked desk, drawer, or cabinet. Don't leave unattended sensitive data on a copier, fax machine, or printer. Shred sensitive data that needs to be discarded.
Shut down your PC when you leave for the day
Screen lock computer workstation when leaving it unattended
Don’t allow anyone else access to your computer in your absence.
Manage passwords wisely
- Use strong passwords
- Do not post passwords near or on computers
- Never give anyone else your login password, or any password.
- MORE on passwords...
Use secure connections to access resources. Use the VPN access to securely connect to the Northern network while at home or away.
Remove all data from all devices (computers, PDAs, cell phones, etc) BEFORE they are transferred to another user or department, sold, or otherwise disposed of.

Respond to requests for information about students in accordance with FERPA.

DO NOT:

use the University ID number of a student in a public posting of grades or any other information.
link the name of a student with that student’s University ID number in any public manner.
leave graded tests, papers, or other student materials for students to pick up in a stack that requires sorting through the papers of all students.
circulate a printed class list with student name and University ID number, photo, or grades as an attendance roster.
discuss the progress of any student with anyone other than the student (including parents) without the consent of the student.
provide anyone with lists or files of students enrolled in your classes to anyone.
provide anyone with student schedules or assist anyone other than university employees in finding a student on campus.
access the records of any student for personal reasons.
store confidential student information on any computer unless that information is required and secure from intrusion.

If you’re in doubt about a request for student information, contact the Registrar's office.

Report any fraudulent attempts to obtain student information to the Registrar, who can then report the attempt to the appropriate law enforcement agencies.

Top of page

Return to IT Security Home

Quick Links Help Desk - 3765 ITS Home IT Security Services Information About... Site Index In this section... IT Security Stay Updated! Passwords Data Security Firewalls Virus Protection While Traveling... Types of Threats E-mail Safety & Spam Phishing Identity Theft Malware Web Surfing Safely Social Networks Online Harassment Copyrights & Peer-to- Peer (P2P) Applications Related Links (external) MSU Security Web Site Help Desk MSU-Northern students, faculty and staff - Use the ITS Help Desk as the first point of contact for your technology problems, questions & services! Information Technology Services Help Desk Walk-in Support: Cowan Hall 117B Telephone Support: 265-3765 E-Mail Support: itstech Last Updated: 18-Jun-2009
	Information Technology Services: Data Security All University employees and/or persons with access to University data have a responsibility to respect the highest level of privacy for all members of the University community. Consider what information you store & where you store it Do not store personally-identifiable information (PII) about others on either desktop computers, or any portable media (such as laptops, flashdrives, etc), even though it may be convenient to do so. The convenience of having the information is not be worth the risk of exposing someone else's identity to theft, and exposing you and the University to the liability and bad publicity that may follow. Do not store sensitive information on web servers or other machines that are open to the public. Web servers draw outside users, and provide security holes if they are not constantly patched and kept up-to-date. Protect information stored electronically Leave data on the server. Avoid copying or downloading sensitive data from the University's administrative systems to your desktop computer, laptop, web server, PDA, etc. unless absolutely required. Make sure you have permission from your department administrator before downloading. Do not send unencrypted sensitive data via email. Email messages can be intercepted by third parties. Lock your office doors if no one from your department will be in the office. Protect printed sensitive data in a locked desk, drawer, or cabinet. Don't leave unattended sensitive data on a copier, fax machine, or printer. Shred sensitive data that needs to be discarded. Shut down your PC when you leave for the day Screen lock computer workstation when leaving it unattended Don’t allow anyone else access to your computer in your absence. Manage passwords wisely Use strong passwords Do not post passwords near or on computers Never give anyone else your login password, or any password. MORE on passwords... Use secure connections to access resources. Use the VPN access to securely connect to the Northern network while at home or away. Remove all data from all devices (computers, PDAs, cell phones, etc) BEFORE they are transferred to another user or department, sold, or otherwise disposed of. Respond to requests for information about students in accordance with FERPA. DO NOT: use the University ID number of a student in a public posting of grades or any other information. link the name of a student with that student’s University ID number in any public manner. leave graded tests, papers, or other student materials for students to pick up in a stack that requires sorting through the papers of all students. circulate a printed class list with student name and University ID number, photo, or grades as an attendance roster. discuss the progress of any student with anyone other than the student (including parents) without the consent of the student. provide anyone with lists or files of students enrolled in your classes to anyone. provide anyone with student schedules or assist anyone other than university employees in finding a student on campus. access the records of any student for personal reasons. store confidential student information on any computer unless that information is required and secure from intrusion. If you’re in doubt about a request for student information, contact the Registrar's office. Report any fraudulent attempts to obtain student information to the Registrar, who can then report the attempt to the appropriate law enforcement agencies. Top of page Return to IT Security Home		PII Examples of Personally Identifable Information: • Names • Addresses • Birthdates • Telephone numbers • Social security numbers • Account numbers • Certificate/license numbers • Biometric identifiers, including finger and voice prints PII Assessment Do you have legally protected data on your PC? If so, you should ask yourself these questions. • Do you actually need to have the data? • Can the data be de-identified, i.e. deleting the names from the record sets? Poorly Hidden Secrets It’s easy to spot the Post-It notes with your passwords hidden under the keyboard, in your binder, or worse still, on the side of your monitor. Instead, create a strong password that is easy for you to remember. Screen Lock It! Remember to lock your computer’s screen every time you step away from your computer. It only takes a few minutes for someone to download a database or access confidential or financial records. Report Security Incidents Report stolen devices (laptops, PDAs, etc) and suspected computer break-ins to ITS immediately. The sooner we know about an incident, the sooner we can respond, potentially limiting any damage.