Travis, Kristen and I went over to the IS offices in the UCC to attend the Information Security session offered by IS today. The program was a basic session on how to ensure that your data, (and the University’s data) remains secure. Sarah Wojic (from IS) led the presentation, and Mike Rollins, (also from IS) was in attendance.
The acronym CIA was used to present the three major principles of Information Security. They are:
–Confidentiality: preventing disclosure to unauthorized users
–Integrity: preventing the misuse of important data files
–Availability: still making the data available to everyone that has a legitimate need.
Mike suggested that while some may say that an unplugged computer is the safest computer, it doesn’t allow for accessing any data, so it doesn’t meet the third principle of Information Security. Information Security is interested in maximizing and balancing all three.
There was discussion about the ways we can ensure the physical security of our computers including:
–locking computer with a cable lock even in your office. (I was reminded to do this and did so upon returning to my office.)
–never leave your laptop unattended. (More on this later)
–when you take your laptop home with you, carry it discretely in a bag that doesn’t shout out “my laptop with lots of data is in here!”
–put it in the trunk if you aren’t going straight home.
Ways to secure data include:
–not letting others, (including your kids or spouse) use your laptop. The laptop is for your use only.
–don’t post passwords on, in, or near your computer and change passwords often
–lock your desktop before leaving your computer, even if you’ll just be gone a minute.
–save sensitive data to a network drive.
–use the VPN client when off campus
–don’t print anything unless absolutely necessary, and then afterward, shred it.
–don’t respond to any phishing emails, but do report them to firstname.lastname@example.org
–only open attachments that you are expecting or that are from people you know.
To illustrate the points, she utilized some entertaining video clips showing Wake Forest people acting at their worst and then at their best. During the Q and A at the end, Travis asked if students were given this same level of training before they get their laptops. No one in the room knew for sure, except that they are expected to sign the University Ethical Use policy, (which deals more with not violating copyright, not downloading illegal software and such.) Travis then related the experience we see in the library with students frequently leaving their laptops unattended, perhaps because they feel so comfortable here. Sarah was quite shocked, and Mike said that when they pick up their laptops, it is suggested to them that they use cable locks but that cable locks are not issued as a part of the laptop. No real result came of that, but hopefully it reminded those in IS that the message on information security needs to extend beyond the faculty and staff of the institution to include the students.