Eastern Michigan University

Data Security Best Practices

Data security practices allow you to store and use the electronic data you need while preventing others from using it illicitly. At EMU, data is ranked in three levels.

  • Public - accessible to the public with little or no risk if revealed (e.g. a name and email address).
  • Sensitive - could put an individual or the University at risk (e.g. passwords and student grades).
  • Confidential - would put an individual at risk or the University in legal jeopardy. By law, confidential data must be protected (e.g. social security numbers, medical, and financial information).

How to be Secure

Data can either be "at rest" or "in transit" and securing data requires different steps:

  • Data at rest - Data at rest is data that is not being moved from one system to another. This includes data you are currently using as well as data stored on your computer, a hard drive, or in a server folder. There are several steps you can take to protect data at rest:Encrypted
    • Computer and Hard Drive - install Full Disk Encryption software to ensure that no one can access your data even if your computer is stolen. If you have an EMU computer - call the Help Desk at 734.487.2120 to request installation of McAfee's Full Disk Encryption software.

      If you use a Personally-owned Computer - there are several options available; however, the Division of I.T. does NOT endorse or support any products used on personal computers:
    • Monitor - position it to to make it difficult for someone to read. Screen overlays are available to help block the view from either side of the monitor.
    • Removable media - CD/DVDs and USB keys should be locked up when not in use. I.T. does NOT recommend that sensitive or confidential data be kept on them, and they should be disposed of with extra caution. If you are unsure how to best dispose of removable media, contact the Help Desk at 734.487.2120.
    • Printouts - print only when absolutely necessary, then lock it up when not in use and shred or securely recycle when no longer needed.
  • Data in transit - is data being transmitted from one system to another either via the internet or an internal network. There are several options available to ensure date security:
    • Secure data transfer - make sure a web address uses SSL technology (it has an 's' in the https:// portion of the address, the 's' stands for secure, before you enter and submit personal information.)

      NOTE: Confidential data should NOT be transmitted through email.

    • VPN - a Virtual Private Network provides authorized employees with secure remote internet access to the campus network and systems either from a wireless connection on campus or from a location off campus. EMU uses AnyConnect software for VPN access.
    • Shared drives - contains regularly backed-up folders located on physically secure servers in EMU's data center that you can share with coworkers.

General Practices

Data security is only as good as its weakest link. Therefore, when looking over these best practices, remember to also continue your own personal data security practices, both in the office and at home:

  • Review Think Before You Type: Protect Your Passwords to become eSafe using a passphrase and password vault.
  • Keep your computer up-to-date with the latest patches and use an up-to-date anti-virus software.
  • Paper documents should be kept secure and destroyed when no longer needed.

More suggestions can be found at www.staysafeonline.org.