Eastern Michigan University
Data Security Best Practices
What is Data Security
Data security is the practice of storing and using electronic data in a way that preserves the privacy of the organizations and the people involved in the data, i.e, data security practices allow you to use the data you need while preventing others from using it illicitly.
Data is ranked according to the sensitivity of its contents. A student's name, for instance, is rated as less sensitive than his/her social security number; names are usually considered public information but social security numbers are considered private. At EMU, there are three levels of data information.
Public information is just that--information that is easily accessible to the public and has little or no risk if revealed. Examples include name, email address, and other information available on a public website.
Sensitive information is information that, if revealed, could put an individual or the University at risk. Examples include passwords and student grades.
Confidential information, if revealed, would put an individual at risk or potentially put the University in legal jeopardy. Examples include social security numbers, medical records, and financial information.
How to be Secure
There are a number of steps to take to practice data security. Data can either be "at rest" or "in transit" and securing data requires different steps depending on the state of the data.
Data at rest
Data at rest is data that is not being moved from one system to another. This includes data you are currently using as well as data stored on your computer hard drive or in a server folder. There are several steps you can take to protect data at rest:
Encryption, either of a specific folder or the entire hard drive, ensures that no one can access the data even if the computer is stolen. You can read more about encryption at http://www.emich.edu/it/security/data/encryption.php .
Monitors should be positioned to make it difficult for someone to read your screen. Special screen overlays are available to further protect your screen by blocking the view from either side of the monitor.
Removable media, such as CD/DVDs, USB keys, and the like should be kept secure. Do not leave them on your desk or otherwise unattended. If possible, encrypt the data on them as well. Lock them up if they are not being used. When you are ready to dispose of removable media, take extra precaution when disposing of any media that may contain any sensitive or confidential data. If you are unsure about how to best dispose of removable media, please contact I.T. Security at 734.487.0101.
Printouts should only be made when absolutely necessary and should be shredded or securely recycled when they are no longer needed. Lock them up when they are not being used.
Data in transit
Data in transit is data being transmitted from one system to another either via the internet or internal network. There are several options available to ensure date security:
Encryption which, in this case, takes a different form. If you are transmitting data over the internet, ensure that you are using secure methods of transport. SSL (Secure Sockets Layer) is a method for web servers to ensure the privacy of communications between them and your computer. Look for the HTTPS:// in the front of their web addresses to be sure that their sites are using SSL.
If you have to transfer files, you can use a form of encryption called "Asymmetric key" or "Public/Private key" encryption. One key (a key is a piece of information needed to read encrypted data) is used to encrypt the data, and a second one is used to unencrypt it. Each person has only one of the two keys ensuring the communications between them remain private. Most encryption software is capable of creating these keys as well as encrypting the data using them.
VPNs are another method to secure communications between your computer and the University network from any internet connection in the world. By using a VPN, your data is protected to the same degree as it would be if you were directly connected on campus. All EMU faculty and staff have access to the campus VPN gateway which can be used when connecting to Banner or other systems where encrypting data in transit may be necessary. VPN does not provide any additional security and you would still need to use best practices for protecting the data.
Shared drives are folders located on servers in the University's data centers. Shared drives allow you to store data in a location that is physically secure, is regularly backed up, and is easily accessible to others. Shared folders should be used when you have data you need to share with your coworkers, but they should not be made publicly available. Every department's shared drive has its own security structure; make sure you understand yours before sharing data to ensure that only those people who need access are able to do so.
Eaglemail uses an SSL connection to connect to the web client, but it is not considered a secure method to store or transmit data. Confidential data should not be transmitted through email.
Data security is only as good as its weakest link. Therefore, when looking over these best practices, remember to also continue your own personal data security practices, both in the office and at home:
- Guard your passwords well and never share them with anybody. Make your passwords hard to guess, but easy for you to remember, and change them regularly. Do no use your EMU password on other sites. Do not write your passwords down.
- Paper documents should be kept secure and destroyed when no longer needed.
- Keep your computer up-to-date with the latest patches for your operating system and use an up-to-date antimalware solution.
More suggestions can be found on the EMU I.T. security pages and at www.staysafeonline.org.
Division of Information Technology
118 Pray Harrold
Ypsilanti, MI 48197