Data Security Best Practices
Data security practices allow you to store and use the electronic data you need while preventing others from using it illicitly. At EMU, data is ranked in three levels.
- Public - accessible to the public with little or no risk if revealed (e.g. a name and email address).
- Sensitive - could put an individual or the University at risk (e.g. passwords and student grades).
- Confidential - would put an individual at risk or the University in legal jeopardy. By law, confidential data must be protected (e.g. social security numbers, medical, and financial information).
General Security Practices
Data security is only as good as its weakest link. Therefore, when looking over these best practices, remember to also continue your own personal data security practices, both in the office and at home:
- Keep your computer up-to-date with the latest patches and use an up-to-date anti-virus software.
- Paper documents should be kept secure and destroyed when no longer needed.
Data can either be "at rest" or "in transit" and securing data requires different steps:
- Data at rest - Data at rest is data that is not being moved from one system to another. This includes data you are currently using as well as data stored on your computer, a hard drive, or in a server folder. There are several steps you can take to protect data at rest:
- Computer and Hard Drive - install Full Disk Encryption software to ensure that no one can access your data even if your computer is stolen. If you have an EMU computer - call the Help Desk at 734.487.2120 to request guidance to enable Bitlocker on Windows or FileVault on Macintosh.
- Monitor - position it to to make it difficult for someone to read. Screen overlays are available to help block the view from either side of the monitor.
- Removable media - USB keys should be locked up when not in use. I.T. does NOT recommend that sensitive or confidential data be kept on them, and they should be disposed of with extra caution. If you are unsure how to best dispose of removable media, contact the Help Desk at 734.487.2120.
- Printouts - print only when absolutely necessary, then lock it up when not in use and shred or securely recycle when no longer needed.
- Data in transit - is data being transmitted from one system to another either via the Internet or an internal network. There are several options available to ensure date security:
- Secure data transfer - make sure a web address uses SSL technology (it has an 's' in the https:// portion of the address, the 's' stands for secure, before you enter and submit personal information.)
NOTE: Confidential data should NOT be transmitted through email.
- Virtru - Virtru is an email encryption tool that allows the EMU community to encrypt and secure email content.
- ZendTo Secure File Sharing - EMU ZendTo is a web based tool that allows EMU employees to securely exchange files with other EMU employees, or those outside the university. ZendTo uses complex encryption to secure files and permits users to share files much larger than those they can send via email. ZendTo meets the encryption standard required for sharing any EMU business data, including PII.
- VPN - a Virtual Private Network provides authorized employees with secure remote Internet access to the campus network and systems either from a wireless connection on campus or from a location off campus. EMU uses AnyConnect software for VPN access.
- Shared drives - contains regularly backed-up folders located on physically secure servers in EMU's data center that you can share with coworkers.
- Check your security posture: Check your EMU computer's security posture. Checkup will check to be sure your operating system software is up to date, your firewall is enabled and hard drive is encrypted. (These recommendations are for EMU owned computers. We encourage employees to consider implementing these security measures on personally owned computers, where possible, but we are unable to provide support for personally owned machines.)