Early Bird

Securing your data

ITS provides steps for keeping sensitive information safe.

By Diane Watkins

October 8, 2020

Securing sensitive personal information, such as your Social Security number, passwords and financial-account numbers, is vitally important for protecting yourself against identity theft. It’s equally important to also protect any sensitive institutional data you encounter as an employee of Metropolitan State University of Denver.

Key pieces of information that may be accessed through Banner or other University systems, such as medical records, personally identifiable information and student records, must be safeguarded to prevent fraud or misuse of the data. In fact, as employees of the University, we are legally required by data-compliance regulations – including FERPA, HIPAA and PCI – to safeguard the confidential information that is entrusted to us.

Please see the University’s policy on data classification for details. Here are some key steps for securing confidential data:

• Classify the data. The first step in protecting data is to classify it – identifying different categories of data based on business needs, information sensitivity and other factors – so you know how to properly protect it.
• Store data in appropriate locations. Official Use Only and Confidential data must be stored only on systems and devices secured and maintained by Information Technology Services. Storing sensitive electronic data on flash drives, personal cloud storage or personal devices is contrary to University policy and puts the data at risk. Remember that paper copies of sensitive documents also need to be protected and stored in a locked, secure place.
• Share data appropriately. Confidential data must not be transmitted through standard email and should be shared only with authorized individuals. All transfer or sharing of confidential data must be performed using MSU Denver ITS-managed secure file-transfer and -sharing systems.
• Delete data when it’s no longer needed. Many security breaches involve data stored for longer than needed. If you properly delete data, it can’t fall into the wrong hands. Remember that physical copies of sensitive documents should be shredded and disposed of as well.
• Notify ITS if you think there is a data risk. If sensitive data has been inappropriately stored or shared, or if you think security solutions on your University-issued computer are malfunctioning, ITS may be able to prevent data loss or exposure if notified in a timely manner.
• Notify ITS immediately if you think there is a data breach. If data has already been lost or exposed, ITS may still be able to prevent the problem from escalating. The University also has obligations to notify external agencies and affected individuals if information-security incidents occur, so timeliness is critical.

Be aware that working remotely introduces a new way of accessing and processing confidential data in an environment that is not as secure as your office on campus, posing a greater risk of data exposure. It’s therefore critical that you use extra caution to prevent data breaches from happening. For example, conducting phone conversations and virtual meetings in a private room will help ensure that sensitive information is not inadvertently overheard by family, friends or workers. Never leave your unlocked work devices unattended, and use these devices only for University business. 

If you’d like to learn more about MSU Denver’s regulatory and policy guidelines, detailed information is available in the University’s Policy Library. If you have any questions or concerns about securing your data, please contact the ITS Service Desk at 303-352-7548, submit a ticket through support.msudenver.edu or email support@msudenver.edu from your MSU Denver email account.

This is the third article in a series that is being published weekly in the Early Bird throughout October in support of National Cybersecurity Awareness Month. Next week: securing your devices.