Difference between revisions of "Data security"

Revision as of 01:14, 20 February 2019

Data Security and WSU

Why is Data Security Important?

One of the most important concerns in any organization is data security. Data security is important because it maintains the overall stability and credibility of the institution. As a Winona State employee you are responsible for adhering to federal, state, and institutional policies and guidelines. Employee failure to abide by these guidelines may prevent Winona State servers from connecting to the internet which leads to a loss of business productivity.

WSU’s Legal Obligations

FERPA

(Family Educational Rights and Privacy Act) Is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

MnGDPA

(Minnesota Government Data Practices Act) The Government Data Practices Act, Minnesota Statutes, Chapter 13, creates a presumption that state and local government records are accessible to the public unless a statute or rule provides otherwise.

Minnesota State Policies & Procedures

Minnesota State Policies & Procedures

WSU Policy

WSU Policy

Your Responsibilities

As part of the Winona State Community you are expected to follow some very important guidelines to help keep our campus safe.

Check Links in Emails—So Important!

Let's first answer the question: Why do I need to validate a web-link or an email address? The short answer (like the answer for most security related questions) is that you cannot always trust people.

The Winona State IT Department will never require you to provide your WSU credentials in an email. If you receive an email requesting this information do not open it and please forward it to abuse@winona.edu..

Only use your WSU password on sites if they end in winona.edu or minnstate.edu. There can be many things that look superficially legitimate, however with an extra keen glance suspicious items are readily visible. You need to verify! To verify URL links you just 'mouse over' the link(s) that you are being directed to. This is done by putting your mouse on a hyperlink until the application pops up the actual destination hidden in the link.

Protect Your Password

Do NOT share your WSU password with anyone.

Not with your office administrator
Not with your kids or spouse
Not with your IT Staff. Other IT Staff will have access with their own password!
Never let anyone use your keyboard while you are logged into the device.

Verify People

Verify, Verify, Verify!

If someone from IT or Facilities comes to assist you:

Were you expecting someone to complete a work order?
Have you checked their IT /Facilities badge? All IT and Facilities employees should be wearing a badge.
Have you checked our employment verification checker?
- Check one person at a time by Tech ID (Red/Green)
  - http://www.winona.edu/it/security and then click on the WSU Employee Verification link on right.
- View All IT Student Workers
  - http://www.winona.edu/it/security and then click on WSU Employee Verification link on right.

Report it!

Did you fall for a scam or are you just suspicious? When things go wrong … or something doesn’t seem right. Report it to abuse@winona.edu

Things To Be Concerned About

Groggy Monday morning and you fall for a phishing scheme
- Maybe you replied to an email
- Maybe you JUST clicked a link
Accidentally type your password into the wrong field of a form of a legitimate page!
- Typed your password into the username fields
- Cursor was actually in your instant messenger window
Received or realized you sent private data in an insecure manner, e.g. emailed a SSN.
You start receiving tons of non-deliverable emails
- "I didn't send this email message..."
You lose a device (phone, PDA, tablet, laptop or storage device) or suspect it was stolen
Your work environment has been upset
- documents have been moved or are missing
- a different user last used your computer
Unsolicited calls or visits from IT or Maintenance

What to Do When Things Go Wrong – or May Have. Time is of the Essence!

Change your password upon even a slight suspicion of it being compromised
- Notify supervisor/human resources/IT/Legal Affairs/Security immediately
- Finite window of opportunity to capture logs or video
Forward spam or phishing attempts to abuse@winona.edu then delete
Power off the device and bring it to Technical Support in Somsen 207
Remotely wipe your lost devices
Call Tech Support at 507.457.5240 for more information

Required Online Training

PJPD

(Public Jobs Private Date)

Log onto D2L.winona.edu — D2L Required Training

The Public Jobs Private Data (PJPD) Course is a mandatory online training course for all employees of the Minnesota State system. This online course provides a structural framework for handling sensitive data and how to avoid most common end-user mistakes.

Personal Training

If you would like more information or personal 1:1 training regarding WSU and Data Security contact:

Tobias Schmidt

Data Security Officer

Winona State University

(507) 457-2214

TSchmidt@winona.edu

Learn more

Alertus

@@ Line 1: / Line 1: @@
-=Data Security and WSU=
+==Data Security and WSU==
+[[File:DataSecurityImage.png|right| 325 px]]
-==Why is Data Security Important?==
+===Why is Data Security Important?===
 One of the most important concerns in any
 organization is data security.  Data security is important because it maintains the overall stability and  credibility of the institution.
-As a Winona State employee you are responsible for adhering to federal, state, and institutional
+As a [[Winona State]] employee you are responsible for adhering to federal, state, and institutional
 policies and guidelines.
 Employee failure to abide by these guidelines may prevent Winona State servers from connecting to the internet which leads to a loss of business productivity.
 ==WSU’s Legal Obligations==
-====FERPA====
+=====FERPA=====
 (Family Educational Rights and Privacy Act)  Is a federal law that protects the privacy of  student education records.  The law applies to all schools that receive funds under an applicable
 program of the U.S. Department of Education.
-====MnGDPA  (Minnesota Government Data====
+=====MnGDPA=====
-Practices Act) The Government Data Practices Act, Minnesota Statutes, Chapter 13, creates a presumption that state and local government records are accessible to the public unless a statute or rule provides otherwise.
+(Minnesota Government Data Practices Act) The Government Data Practices Act, Minnesota Statutes, Chapter 13, creates a presumption that state and local government records are accessible to the public unless a statute or rule provides otherwise.
-====MnSCU Policies & Procedures====
+====={{MinnState}} Policies & Procedures=====
-*[http://www.winona.edu/it/security MnSCU Policies & Procedures]
+*[http://www.winona.edu/it/security {{MinnState}} Policies & Procedures]
-====WSU Policy====
+=====WSU Policy=====
 *[http://www.winona.edu/it/security WSU Policy]
@@ Line 28: / Line 28: @@
 As part of the Winona State Community you are expected to follow some very important guidelines to help keep our campus safe.
-==Check Links in Emails—So Important!==
+===Check Links in Emails—So Important!===
 Let's first answer the question:  Why do I need to validate a web-link or an email address?  The short answer (like the answer for most security related questions) is that you cannot always trust people.
-The Winona State IT Department will never require you to provide your WSU credentials in an email.  If you receive an email requesting this information do not open it and please forward it to abuse@winona.edu.
+The Winona State IT Department will never require you to provide your WSU credentials in an email.  If you receive an email requesting this information do not open it and please forward it to [mailto:abuse@winona.edu abuse@winona.edu.].
+[[File:DSecurityExample.png|left|250 px]]Only use your WSU password on sites if they end in winona.edu or minnstate.edu.  There can be many things that look superficially legitimate, however with an extra keen glance suspicious items are readily visible.  You need to verify!  To verify URL links you just 'mouse over' the link(s) that you are being directed to.  This is done by putting your mouse on a hyperlink until the application pops up the actual destination hidden in the link.
+===Protect Your Password===
+'''Do NOT share your WSU password with anyone.'''
+*Not with your office administrator
+*Not with your kids or spouse
+*Not with your IT Staff.  Other IT Staff will have access with their own password!
+*Never let anyone use your keyboard while you are logged into the device.
+===Verify People===
+'''Verify, Verify, Verify!'''
+If someone from IT or Facilities comes to assist you:
+*Were you expecting someone to complete a work order?
+*Have you checked their IT /Facilities badge? All IT and Facilities employees should be wearing a badge.
+*Have you checked our employment verification checker?
+**Check one person at a time by Tech ID (Red/Green)
+***http://www.winona.edu/it/security and then '''click on the WSU Employee Verification link on right'''.
+**View All IT Student Workers'''
+***http://www.winona.edu/it/security and then '''click on WSU Employee Verification link on right'''.
+===Report it!===
+Did you fall for a scam or are you just suspicious?  When things go wrong … or something doesn’t seem right.  '''Report it to [mailto:abuse@winona.edu abuse@winona.edu]'''
+===Things To Be Concerned About===
+*Groggy Monday morning and you fall for a phishing scheme
+**Maybe you replied to an email
+**Maybe you JUST clicked a link
+*Accidentally type your password into the wrong field of a form of a legitimate page!
+**Typed your password into the username fields
+**Cursor was actually in your instant messenger window
+*Received or realized you sent private data in an insecure manner, e.g. emailed a SSN.
+*You start receiving tons of non-deliverable emails
+**"I didn't send this email message..."
+*You lose a device  (phone, PDA, tablet, laptop or storage device) or suspect it was stolen
+*Your work environment has been upset
+**documents have been moved or are missing
+**a different user last used your computer
+*Unsolicited calls or visits from IT or Maintenance
+===What to Do When Things Go Wrong – or May Have.  Time is of the Essence!===
+*Change your password upon even a slight suspicion of it being compromised
+**Notify supervisor/human resources/IT/Legal Affairs/Security immediately
+**Finite window of opportunity to capture logs or video
+*Forward spam or phishing attempts to [mailto:abuse@winona.edu abuse@winona.edu] then delete
+*Power off the device and bring it to Technical Support in Somsen 207
+*Remotely wipe your lost devices
+*Call Tech Support at 507.457.5240 for more information
+==Required Online Training==
+====PJPD====
+(Public Jobs Private Date)
+Log onto '''D2L.winona.edu — D2L Required Training'''
+The Public Jobs Private Data (PJPD) Course is a mandatory online training course for all employees of the {{MinnState}} system.  This online course provides a structural framework for handling sensitive data and how to avoid most common end-user mistakes.
+==Personal Training==
+If you would like more information or personal 1:1 training regarding WSU and Data Security contact:
+:Tobias Schmidt
+:Data Security Officer
+:Winona State University
+:(507) 457-2214
+:[mailto:TSchmidt@winona.edu TSchmidt@winona.edu]
+==Learn more==
+*[[Alertus]]
-[[File:DSeurityExample.png|left|150 px]]]Only use your WSU password on sites if they end in winona.edu or mnscu.edu.  There can be many things that look superficially legitimate, however with an extra keen glance suspicious items are readily visible.  You need to verify!  To verify URL links you just 'mouse over' the link(s) that you are being directed to.  This is done by putting your mouse on a hyperlink until the application pops up the actual destination hidden in the link.
+[[Category: Student Survival]]