- 1 Data Security and WSU
- 2 WSU’s Legal Obligations
- 3 Your Responsibilities
- 4 Required Online Training
- 5 Personal Training
Data Security and WSU
Why is Data Security Important?
One of the most important concerns in any organization is data security. Data security is important because it maintains the overall stability and credibility of the institution. As a Winona State employee you are responsible for adhering to federal, state, and institutional policies and guidelines. Employee failure to abide by these guidelines may prevent Winona State servers from connecting to the internet which leads to a loss of business productivity.
WSU’s Legal Obligations
(Family Educational Rights and Privacy Act) Is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
(Minnesota Government Data Practices Act) The Government Data Practices Act, Minnesota Statutes, Chapter 13, creates a presumption that state and local government records are accessible to the public unless a statute or rule provides otherwise.
Minnesota State Policies & Procedures
As part of the Winona State Community you are expected to follow some very important guidelines to help keep our campus safe.
Check Links in Emails—So Important!
Let's first answer the question: Why do I need to validate a web-link or an email address? The short answer (like the answer for most security related questions) is that you cannot always trust people.
The Winona State IT Department will never require you to provide your WSU credentials in an email. If you receive an email requesting this information do not open it and please forward it to firstname.lastname@example.org.
Only use your WSU password on sites if they end in winona.edu or minnstate.edu. There can be many things that look superficially legitimate, however with an extra keen glance suspicious items are readily visible. You need to verify! To verify URL links you just 'mouse over' the link(s) that you are being directed to. This is done by putting your mouse on a hyperlink until the application pops up the actual destination hidden in the link.
Protect Your Password
Do NOT share your WSU password with anyone.
- Not with your office administrator
- Not with your kids or spouse
- Not with your IT Staff. Other IT Staff will have access with their own password!
- Never let anyone use your keyboard while you are logged into the device.
Verify, Verify, Verify!
If someone from IT or Facilities comes to assist you:
- Were you expecting someone to complete a work order?
- Have you checked their IT /Facilities badge? All IT and Facilities employees should be wearing a badge.
- Have you checked our employment verification checker?
Did you fall for a scam or are you just suspicious? When things go wrong … or something doesn’t seem right. Report it to email@example.com
Things To Be Concerned About
- Groggy Monday morning and you fall for a phishing scheme
- Maybe you replied to an email
- Maybe you JUST clicked a link
- Accidentally type your password into the wrong field of a form of a legitimate page!
- Typed your password into the username fields
- Cursor was actually in your instant messenger window
- Received or realized you sent private data in an insecure manner, e.g. emailed a SSN.
- You start receiving tons of non-deliverable emails
- "I didn't send this email message..."
- You lose a device (phone, PDA, tablet, laptop or storage device) or suspect it was stolen
- Your work environment has been upset
- documents have been moved or are missing
- a different user last used your computer
- Unsolicited calls or visits from IT or Maintenance
What to Do When Things Go Wrong – or May Have. Time is of the Essence!
- Change your password upon even a slight suspicion of it being compromised
- Notify supervisor/human resources/IT/Legal Affairs/Security immediately
- Finite window of opportunity to capture logs or video
- Forward spam or phishing attempts to firstname.lastname@example.org then delete
- Power off the device and bring it to Technical Support in Somsen 207
- Remotely wipe your lost devices
- Call Tech Support at 507.457.5240 for more information
Required Online Training
(Public Jobs Private Date)
Log onto D2L.winona.edu — D2L Required Training
The Public Jobs Private Data (PJPD) Course is a mandatory online training course for all employees of the Minnesota State system. This online course provides a structural framework for handling sensitive data and how to avoid most common end-user mistakes.
If you would like more information or personal 1:1 training regarding WSU and Data Security contact:
- Tobias Schmidt
- Data Security Officer
- Winona State University
- (507) 457-2214