Data security

From WSU Technology Knowledge Base
Jump to navigation Jump to search

Data Security and WSU

Why is Data Security Important?

One of the most important concerns in any organization is data security. Data security is important because it maintains the overall stability and credibility of the institution. As a Winona State employee you are responsible for adhering to federal, state, and institutional policies and guidelines. Employee failure to abide by these guidelines may prevent Winona State servers from connecting to the internet which leads to a loss of business productivity.

WSU’s Legal Obligations

FERPA

(Family Educational Rights and Privacy Act) Is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

MnGDPA (Minnesota Government Data

Practices Act) The Government Data Practices Act, Minnesota Statutes, Chapter 13, creates a presumption that state and local government records are accessible to the public unless a statute or rule provides otherwise.

MnSCU Policies & Procedures

WSU Policy

Your Responsibilities

As part of the Winona State Community you are expected to follow some very important guidelines to help keep our campus safe.

Check Links in Emails—So Important!

Let's first answer the question:  Why do I need to validate a web-link or an email address? The short answer (like the answer for most security related questions) is that you cannot always trust people.

The Winona State IT Department will never require you to provide your WSU credentials in an email. If you receive an email requesting this information do not open it and please forward it to abuse@winona.edu.

DSecurityExample.png

Only use your WSU password on sites if they end in winona.edu or mnscu.edu. There can be many things that look superficially legitimate, however with an extra keen glance suspicious items are readily visible. You need to verify! To verify URL links you just 'mouse over' the link(s) that you are being directed to.  This is done by putting your mouse on a hyperlink until the application pops up the actual destination hidden in the link. 


Required Online Training

PJPD

(Public Jobs Private Date)

Log onto D2L.winona.edu — D2L Required Training

The Public Jobs Private Data (PJPD) Course is a mandatory online training course for all employees of the MnSCU system.  This online course provides a structural framework for handling sensitive data and how to avoid most common end-user mistakes.

Report it!

Did you fall for a scam or are you just suspicious? When things go wrong … or something doesn’t seem right. Report it to abuse@winona.edu

Protect Your Password

Do NOT share your WSU password with anyone.

  • Not with your office administrator
  • Not with your kids or spouse
  • Not with your IT Staff. Other IT Staff will have access with their own password!
  • Never let anyone use your keyboard while you are logged into the device.

Verify People

Verify, Verify, Verify!

If someone from IT or Facilities comes to assist you:

  • Were you expecting someone to complete a work order?
  • Have you checked their IT /Facilities badge? All IT and Facilities employees should be wearing a badge.
  • Have you checked our employment verification checker?
    • Check one person at a time by Tech ID
Red/Green
View All IT Student Workers

Things To Be Concerned About

  • Groggy Monday morning and you fall for a phishing scheme
    • Maybe you replied to an email
    • Maybe you JUST clicked a link
  • Accidentally type your password into the

wrong field of a form of a legitimate page!

    • Typed your password into the username fields
    • Cursor was actually in your instant messenger window
  • ​Received or realized you sent private data in an insecure manner, e.g. emailed a SSN.
  • You start receiving tons of non-deliverable emails
    • "I didn't send this email message..."
  • You lose a device  (phone, PDA, tablet, laptop or storage device) or suspect it was stolen
  • Your work environment has been upset
    • documents have been moved or are missing
    • a different user last used your computer
  • Unsolicited calls or visits from IT or Maintenance

What to Do When Things Go Wrong – or May Have. Time is of the Essence!

  • Change your password​ upon even a slight suspicion of it being compromised
    • Notify supervisor/human resources/IT/Legal Affairs/Security immediately
    • Finite window of opportunity to capture logs or video

​*Forward spam or phishing attempts to abuse@winona.edu​ then delete

  • Power off the device and bring it to Technical Support in Somsen 207.
  • Remotely wipe your  lost devices.
  • Call Tech Support at 507.457.5240 for more information.







Personal Training

If you would like more information or personal 1:1 training regarding WSU and Data Security contact:

Tobias Schmidt
Data Security Officer
Winona State University
507) 457-2214
TSchmidt@winona.edu
Retrieved from "https://learn.winona.edu/w/index.php?title=Data_security&oldid=20532"