Data security
REVISION IN PROGRESS: This article contains useful information, but is being revised to reflect recent updates. Direct questions to TLT (tlt@winona.edu). |
Data security is one of the most important concerns in any organization. Data security is important because it maintains the overall stability and credibility of the institution. As a Winona State University employee you are responsible for adhering to federal, state, and institutional policies and guidelines. Employee failure to abide by these guidelines may prevent Winona State servers from connecting to the internet which leads to a loss of business productivity.
University Responsibilities
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program ofthe U.S. Department of Education.
MnGDPA
Minnesota Government Data Practices Act (MnGPA), Minnesota Statutes, Chapter 13, creates a presumption that state and local government records are accessible to the public unless a statute or rule provides otherwise.
Minnesota State Policies & Procedures
WSU Policy
Your Responsibilities
As part of the Winona State Community you are expected to follow some very important guidelines to help keep our campus safe.
Check Links in Emails—So Important!
Let's first answer the question: Why do I need to validate a web-link or an email address? The short answer (like the answer for most security related questions) is that you cannot always trust people.
The Winona State IT Department will never require you to provide your WSU credentials in an email. If you receive an email requesting this information do not open it and please forward it to abuse@winona.edu..
Only use your WSU password on sites if they end in winona.edu or minnstate.edu. There can be many things that look superficially legitimate, however with an extra keen glance suspicious items are readily visible. You need to verify! To verify URL links you just 'mouse over' the link(s) that you are being directed to. This is done by putting your mouse on a hyperlink until the application pops up the actual destination hidden in the link.
Protect Your Password
Do NOT share your WSU password with anyone.
- Not with your office administrator
- Not with your kids or spouse
- Not with your IT Staff. Other IT Staff will have access with their own password!
- Never let anyone use your keyboard while you are logged into the device.
Verify People
Verify, Verify, Verify!
If someone from IT or Facilities comes to assist you:
- Were you expecting someone to complete a work order?
- Have you checked their IT /Facilities badge? All IT and Facilities employees should be wearing a badge.
- Have you checked our employment verification checker?
- Check one person at a time by Tech ID (Red/Green)
- http://www.winona.edu/it/security and then click on the WSU Employee Verification link on right.
- View All IT Student Workers
- http://www.winona.edu/it/security and then click on WSU Employee Verification link on right.
- Check one person at a time by Tech ID (Red/Green)
Report it!
Did you fall for a scam or are you just suspicious? When things go wrong … or something doesn’t seem right. Report it to abuse@winona.edu
Things To Be Concerned About
- Groggy Monday morning and you fall for a phishing scheme
- Maybe you replied to an email
- Maybe you JUST clicked a link
- Accidentally type your password into the wrong field of a form of a legitimate page!
- Typed your password into the username fields
- Cursor was actually in your instant messenger window
- Received or realized you sent private data in an insecure manner, e.g. emailed a SSN.
- You start receiving tons of non-deliverable emails
- "I didn't send this email message..."
- You lose a device (phone, PDA, tablet, laptop or storage device) or suspect it was stolen
- Your work environment has been upset
- documents have been moved or are missing
- a different user last used your computer
- Unsolicited calls or visits from IT or Maintenance
What to Do When Things Go Wrong – or May Have. Time is of the Essence!
- Change your password upon even a slight suspicion of it being compromised
- Notify supervisor/human resources/IT/Legal Affairs/Security immediately
- Finite window of opportunity to capture logs or video
- Forward spam or phishing attempts to abuse@winona.edu then delete
- Power off the device and bring it to Technical Support in Somsen 207
- Remotely wipe your lost devices
- Call Tech Support at 507.457.5240 for more information
Required Online Training
PJPD
All WSU employees are required to take the Public Jobs Private Data (PJPD) course annually. This online course provides a structural framework for handling sensitive data and how to avoid most common end-user mistakes. PJPD is administered through a learning management system called ELM in your State Employee Self-Service site. You will receive email reminders to complete this training.
Personal Training
If you would like more information or personal 1:1 training regarding WSU and Data Security contact:
- Tobias Schmidt
- Data Security Officer
- Winona State University
- (507) 457-2214
- TSchmidt@winona.edu
More wiki articles
External links
Except where otherwise noted, text is available under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.