Data Security

#PrivacyProject

What do the apps you use collect about you? How much control over your device and your information are you giving when you download them?  Are you concerned?  Should you be?  Do you take a look at their Privacy Notices or Statements before you download?

Take a look at this video from the #PrivacyProject:

The message: read those Terms & Conditions and Privacy Statements that apps publish before you download or give permission for an app to do something.  If you cannot find a privacy notice or a statement about how they use data or what control you are giving over, think twice before downloading or do more research about that app before using it.

Privacy Tips for 2015

They say a picture is worth a thousand words.  I think this graphic really speaks for itself. We will be posting tips like this throughout the month of February as part of the Data Privacy Month initiative.  For now, what do you think of the tips in the graphic below?  What would you add as your Top Privacy Tips for 2015?

Privacy Tips for 2015
Courtesy of staysafeonline.org.

 

Privacy, Security & Compliance: Strange Bedfellows or Marriages Made in Heaven?

definitions
Photo Credit: EDUCAUSE

Well, it is February.  Data Privacy Month has come to a close.  I want to than everyone who participated in UConn’s Data Privacy Month initiative, and who took the time to read this blog and my posting in other places, like UConn’s Daily Digest and on Facebook over the course of the month of January.  It is wonderful to have a full month to focus on privacy initiatives and best practices, but at all businesses, including institutions of higher education, the work goes on year-round.  Using Data Privacy Month as a jumping-off-point, I’m going to continue posting great articles, pointers, videos and best practice resources throughout the year.

So here’s the first post for February:

Two of my higher education colleagues, Michael Corn (University of Illinois at Urbana-Champaign) and Jane Rosenthal (University of Kansas) recently wrote a great article for the EDUCAUSE Review about the interplay of the roles of privacy, security and compliance professionals in university environments. Take a look!

 

Cloud Computing and File Sharing

cloud computing
(graphic borrowed from http://www.intelligentitnyc.com)

 

This week, we are focusing on Cloud Computing and File Sharing. Though there are different types of clouds, practically everyone who uses a computer uses “The Cloud” in some way or another. But do you really know how the cloud works?  Sending information via email and over the internet may be useful when you need to share or access something quickly.  However, if you do not share or access that information in a secure manner, what seemed quick and convenient could cause you or the subject of the information a huge headache if that information is intercepted to gets into the wrong hands.  Here are some things to consider when sending personal or sensitive information electronically both at UConn and in your personal life:

Cloud security tips

 It’s the little things that count. Take the proper precautions by adopting easy proactive security habits and it will go a long way in safeguarding your personal data on the cloud.

UConn resources for file sharing

We live in a fast paced world that has faced paced problems. With the click of a mouse, enormous amounts of data can be compromised in an instant.  Often times, email is not a secure method by which to transfer data or information.  Luckily, UConn does have some easy to use resources for you that are also secure.  The UITS Information Security Office recommends that you use a tool called “File Locker” to use when transmitting sensitive information.   File Locker is a web-based application that allows UConn faculty, staff, and students to securely send or temporarily store sensitive files.   Visit https://web2.uconn.edu/filelocker/ to learn more.

UConn resources for detecting insecure data at work and at home

We’re human, we make mistakes and it’s a part of life, right? We also have the ability to catch our mistakes. UITS has implemented a tool called “Identity Finder “that you can run on your work and personal computer to detect unsecure sensitive information such as banking numbers, credit card numbers, and social security numbers, thus catching our storage errors. The software scans your computer for these risks and gives you the option to securely “shred” or quarantine unsafe data on your computer. Identity Finder will even scan your outlook mail for content that shouldn’t be there.

UConn resources for cloud data storage

One cloud-based data storage option UConn offers is a tool called IBM File Net.  IBM File Net is an Enterprise Content/Document Management System and is available as a tool for data storage and management. More about IBM File Net and its various benefits can be found at this DailyDigest entry.

Have you installed Identity Finder yet?

SecureU-IDFinder

 

In my post from January 14, 2013 below I included a section on protecting your personal information, as well as resources for protecting sensitive University data. To follow up on that post, I wanted to share a reminder tip that was posted earlier today by the UConn Information Security Office (ISO) on its two Facebook pages (UConnISO and UConn HuskyHunt):

Privacy Month Tip #13 – Protect Your Data, and here’s how….
As part of the secureU initiative, the University of Connecticut has partnered up with Identity Finder,LLC to bring the Identity Finder software to all faculty, staff, and students of the University of Connecticut free of charge!

Identity Finder is a special software that gives users the ability to find and protect sensitive data on their computer(s), helping to prevent data loss and identity theft. Identity Finder reduces the risk of data leakage and identity theft by discovering and securing sensitive information across computers. Built-in tools are included to shred, scrub, secure and quarantine vulnerable data in order to protect University of Connecticut constituents from data loss caused by spyware, viruses, lost laptops, and hackers.

For UConn employees and students, if you haven’t already done so, visit UConn’s Identity Finder website and install the software on your UConn-issued computer.  There is also an option to install the software on your personal computer too.  You should strongly consider doing so.  You will be amazed at what you find that you have stored there that you forgot about!

Stop! Thief!

thiefcard  thiefphone  thieflicense

This week’s posts will be focused on the topics of identity theft prevention and data protection.

Taking Care of Your Personal Information

What can you do to diminish the chances that you will become the victim of identity theft?  Here are some pointers:

  • Watch out for imposters!  Make sure you know who is asking for your personal or financial information and why they are asking for it. Don’t give out personal information on the phone, through the mail or online unless you’ve initiated the contact or know who you’re dealing with.
  • Manage your records.  Do not keep paper or electronic records that contain sensitive personal information longer than you need to.  Make sure you store your records that contain sensitive personal information in a secure location.
  • Properly dispose of paper records.  When disposing of paper records, do not throw documents with personal information on them in the trash.  Shred, shred shred!
  • Clear your mobile device before you get rid of it.  Before you dispose of a mobile device (such as your smartphone) check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device properly.
  • Encryption as a tool.  Consider encrypting files or even computer hard-drives that contain sensitive information.
  • Update security features.  Make sure that you update security and antivirus features and install patches on your computer regularly.
  • Monitor your credit.  Monitor your credit with each of the 3 major credit bureaus.  Federal law requires nationwide consumer reporting companies to provide you with a free credit report, at your request, once per year.
  • Password protection.  Protect your password the same way you would protect other sensitive personal information about yourself.  Create complex passwords and have different ones for each account if possible.  Do not share you passwords with anyone.
  • Do they really need my SSN?  Think twice (or 3 times!) before you give out your Social Security Number. If someone asks you to share your SSN, ask that person why they need it, how it will be used, how they will protect it, and what happens if you don’t share it with them.
  • Be wise about Wi-Fi.  Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel or other public place, see if your information will be protected.
  • How social should I be?  Do not overshare on social networking websites.  Avoid posting personal information, such as your birth date or address.  Also consider how much you post about your life.  Identity thieves can use what you post to answer common challenge questions on your accounts, such as your credit card.
  • Think you might be the victim of identity theft?  Want to be prepared just in case?  The Federal Trade Commission, the Identity Theft Resource Center and staysafeonline.org provide excellent information regarding what to do if you become a victim of identity theft.

Taking Care of University Data (or personal information collected by University faculty/staff):

Here at UConn we take privacy and data security very seriously.  Systems are in place and resources are available to protect sensitive information we collect and/or maintain as part of our business practices.  Here are just some of the available University resources to help with identity theft prevention and records management as they relate to University records:

  • Learn more about the Compliance Office’s Records & Information (RIM) Program.  (Email me for a copy of our new brochure at rachel.krinsky@uconn.edu)
  • Staff are available anytime to answer your questions about data security, privacy and records management.  If you have questions or would like training regarding any of these topics, all you need to do is ask.  For more information, contact:

Privacy/Records & Information Management

Rachel Krinsky Rudnick
Assistant Director of Compliance/Privacy Officer
Rachel.Krinsky@uconn.edu
(860) 486-5256

Data Security

Jason Pufahl
Chief Information Security Officer
Jason.Pufahl@uconn.edu
(860) 486-3743