Early Bird

Secure your data

Take cybersecurity steps to keep sensitive information safe.

By Mike Hart, Corey Oxenbury

October 24, 2019

Securing your data isn’t just about your documents or other personal information; it’s about our shared responsibility to protect the data we have access to through Banner and other University systems.

Some data-security responsibilities are based on regulatory guidelines, including FERPA, HIPAA and PCI. Other responsibilities are outlined in University policy. Human Resources routinely overviews regulatory and policy guidelines as part of the employee-onboarding process, but you can always check the Policy Library if you have any questions or need a refresher.

The first step in protecting data is to classify the data – identifying different categories of data based on business needs, information sensitivity and other factors. Classifying data lets members of the organization know how to properly protect it. See the University’s policy on data classification for details, but here are some key points to remember:

• Store data in appropriate locations. Official Use Only and Confidential data must be stored only on systems and devices secured and maintained by Information Technology Services. Storing sensitive electronic data on flash drives, personal cloud storage or personal devices is contrary to University policy and puts the data at risk. Remember that paper copies of sensitive documents also need to be protected.
• Share data appropriately. Ensure that you use appropriate services to send or receive data and that you can validate that you are sharing data with authorized individuals. If you’re not sure a sharing solution is supported or secure, contact ITS.
• Delete data when it’s no longer needed. Many security breaches involve data stored for longer than needed. If you securely delete data, it can’t fall into the wrong hands.
• Notify ITS if you think there is a data risk. If sensitive data has been inappropriately stored or shared, or if you think security solutions on your University-issued computer are malfunctioning, ITS may be able to prevent data loss or exposure if notified in a timely manner.
• Notify ITS immediately if you think there is a data breach. If data has already been lost or exposed, ITS may still be able to prevent the problem from escalating. The University also has obligations to notify external agencies and affected individuals if information-security incidents occur, so timeliness is critical.

Don’t forget it’s National Cyber Security Awareness Month! The Department of Homeland Security has put up a website with a lot of information about cybersecurity and awareness. We recommend taking a look if you’d like to learn more.

If you have any questions or would like assistance in securing your data, please contact the ITS Helpdesk at 303-352-7548 or support.msudenver.edu.