Home - Office and Services - Information Technology - Information Technology News
Information Technology News

NEWS

Security Awareness: Think Carefully before Sharing – Only Share what’s Needed

By mark hine on May 22, 2015

Before sharing a file with confidential or sensitive data ask:

  • Does the person or people receiving this information, need all of the information I’m sharing or could I trim the volume of confidential data?
  • Do all the people I am sharing this with need the information?
  • Is there a more secure way to share the information?

Colgate generates and uses, through the course of business, a considerable volume of data that should be carefully guarded against loss and unauthorized access, including social security numbers, driver’s license numbers, bank accounts, and grades. In a University environment, collaboration is a natural and necessary behavior. Sharing files is one way we move data from those who have it to those who need it. Below are some practical strategies for reducing the likelihood of data loss:

Limit Data Shared
Providing extracts or portions of data that include only necessary information is strongly recommended. An example is a report that has student IDs redacted or social security numbers removed. If the information does not have a business purpose it should be removed prior to sharing. More importantly, for confidential and sensitive data, ask: should this individual have access to this information? Is it part of their job responsibilities? If they do not need it they shouldn’t see it. This protects the community and the individual.

Avoid Email as a Conduit
For most people, emailing attachments is a quick, easy and practical way to share information. Emailing confidential or sensitive attachments, however, is risky since the email can be accidentally forwarded or shared with the wrong person or people. To share this type of information use password protected attachments, shared google documents, or links to a database. Social Security numbers, credit card numbers, driver’s license numbers and passwords should never be included in an email.

Google Drive
Instead of storing documents on your desktop (another vulnerability), ITS recommends using University supported storage options like Google Drive. Google Drive offers a second layer of security (you have to login to it) and the ability to assign variable permissions (view only, comment and view, edit) to specific documents. Sharing features are built in. If you would like more training on Google Drive, ITS can provide additional training to you or your department.

Use the Colgate VPN when off campus
Using Colgate’s virtual private connection (VPN) is a secure way to access Colgate data and applications. This connection is encrypted and password protected. A VPN connection is a good way to view records and confidential data securely.

For more information, please visit:
http://www.colgate.edu/offices-and-services/information-technology/network-services/accounts

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Leave a comment

Comments: Please make sure you keep your feedback thoughtful, on-topic and respectful. Offensive language, personal attacks, or irrelevant comments may be deleted. Responsibility for comments lies with each individual user, not with Colgate University. Comments will not appear immediately. We appreciate your patience.