Protecting Others’ Info

In addition to protecting your own personal information and data, many of us at UMF are also entrusted with protecting the privacy and confidential data of our students and fellow employees. The recommendations below offer additional security measures to protect others’ information.

• Guidelines of what data should be kept confidential are governed by federal laws including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley (GLB) Act. If you’re unsure what data should be kept confidential, either protect all potentially confidential data or contact the appropriate campus contacts:
  • FERPA: Carla DeGraw (x-7241)
  • HIPAA: Laurie Gardner (x-7272)
  • GLB Act: Mary Ellen Martin (x-7325)

• Whenever possible, confidential documents should be stored on the network’s H:\ or X:\ drives, where they are more secure and backed up regularly in a secure manner. Storing copies of the info on your computer -- or worse, on a CD, floppy disk, or USB drive -- increases the risk of data theft or loss.

• If you absolutely must store confidential data on your computer’s hard drive, the data should be stored in encrypted files. Windows XP and Vista and Mac’s OS/X have file encryption built-in that will suit most needs, but if you work with a lot of confidential information, we recommend using the software TrueCrypt. Be aware that with any of these encryption tools, if you forget the password, your data will be lost and cannot be recovered. To use these encryption methods, consult these how-to documents:
  • How to use built-in file encryption with Windows XP or Vista
  • How to use TrueCrypt (Windows only)
  • How to use FileVault with Mac OS/X

• Avoid using e-mail to send confidential information, as e-mail can easily be sent to a mistyped address or forwarded by a recipient without regard for its confidentiality. If you must send sensitive information by e-mail, send it as a password-protected, encrypted attachment. If you need help, here are how-to documents showing how to password-protect files in different versions of Microsoft Word and Excel:
  • Password-protection in Word XP/2003
  • Password-protection in Word 2007
  • Password-protection in Excel XP/2003
  • Password-protection in Excel 2007
  • For help password-protecting other types of file, contact the Help Desk (x-7300).

• Do not set applications, e-mail clients, web pages, etc. to save passwords or log in automatically. While this may be convenient for you, it’s even more convenient for those who may want to access confidential data on your computer.

• Avoid accessing confidential data over wireless networks. Wireless connections available at hotels, airports, Starbucks, etc., are particularly unsafe because anyone can tap into them and intercept data. Home wireless networks also tend to be insecure, unless you have enabled access control and encryption. Even on campus, the wireless network is less secure than the wired network, so confidential data (even on H:\ or X:\ drives) should not be accessed via your wireless connection.
  
  However, accessing data through secure, encrypted web sites is safe over wireless. You can tell if a site is secure by its web address (a secure address starts with "https" instead of "http") and by the appearance of a small lock icon in the lower-right corner of your web browser. Common work-related sites eCampus, Web DSIS, and Horde e-mail are secure and safe for wireless.

• If you believe that confidential data on your computer may have been accessed by unauthorized person(s), or if a computer is stolen from you or otherwise lost, you are required to report the incident to the Computer Center’s Director of IT, Fred Brittain (x-7303), so we can quickly assess the security threat level and determine the appropriate security actions to take.

Related pages:

• Computer security settings
• Geek Speak Glossary
• Security homepage