Data Safety

USB drive in laptop
Gain insights and guidelines for ensuring the secure handling and protection of sensitive information.

Keeping our information and data safe

We hear about identity theft almost every day. It’s the new “flavour of the day” in crime. If you search the net, you can find people selling personal information almost anywhere.

We frequently hear of breaches at universities where thousands of student records are compromised. Did you ever wonder why criminals would be interested in trying to hack into university computer systems?

By their nature, student systems at universities contain large amounts of personal information. This includes information on active students, as well as applicants and alumni. If you consider how many new students register each year, you can begin to understand the amount of personal information we maintain.

These students trust us to keep their personal information private and secure. If you are dealing with student data, they trust you to do your part.

It is said that a chain is only as strong as its weakest link. We have hundreds of people working with student data; hundreds of links in the chain. Criminals are always trying to find the weakest link… don’t let it be you!

Consider computer viruses. In the past, they were written by kids. It was like graffiti; a way of showing off. This is no longer the case. These days, viruses are written by criminals, by professionals. They don’t simply spread around and shut machines down; they become dormant “backdoors” into your computer. If your computer is infected and not cleaned, it is essentially under the control of someone outside. Keystroke recorders, for example, record where you go on the web, and the passwords you use to access certain sites.

Torpig is just one example. There are many similar viruses and worms out there. It is important to have up-to-date antivirus software on your computer.

While the antivirus provides a level of security, there is another weakness: You. Criminals are always trying to trick you into running something or providing them with information.

We’ve all received forged emails from “banks”, telling you to update your account information. A similar technique is used by criminals wanting access to student data.  In this case, however, they will not send a generic letter. They browse through a university’s website, looking at organizational charts, cataloguing who works in which department, etc…  They then write a well-crafted letter and send it to a select crowd. It may ask them for some information, or, more likely, it will be a link to a web site containing malware (malicious software). Once this is installed on your computer, they wait a few days, and then collect the information from the keystroke recorder. They now have your passwords and access to your information.

Action items to protect your data and devices

Take 5 minutes to assess which of these 7 action items you still need to work on to protect your data and devices:

  • Have you evaluated the security of all your devices?
  • Do you lock your computer when you are away from it?
  • Are your passwords securely stored?
  • Do you have a regular schedule to update your passwords?
  • Do you back up your work regularly?
  • Have you Googled your name recently to see what personal information is available worldwide?
  • Have you verified that all personal information on your devices are secure?

Security is everybody’s responsibility; self-evaluate which best practices you still need to improve:

  • Password Management: use strong passwords and change them frequently
  • Privacy Protection: be aware of private information and manipulate it accordingly; avoid storing confidential work on your work computer
  • Patch management: upgrade when prompted your OS and software
  • Anti-virus: regularly check for signature updates and perform a full scan
  • Browser hardening: use a tool such as Qualys to perform regular system scans to find missing security patches
  • Phishing/Spam: think before you click
  • Clean desktop: don’t leave confidential work material on your desk, always lock it.

Remember to keep watching for any unusual activity on your devices. Information Technology updates the Information Security website often, be sure to consult it regularly for the most up-to-date resources.