Data Protection Principles
The key to protecting any important data, whether personal or institutional, is to follow a few basic principles:
Know what you want to protect and where it resides
Information accumulates over time: old email, bulging file drawers, folders on a shared server, or files on an old hard drive of a standby computer. Some data can be quite old and now long forgotten, making it more likely to contain personally identifiable information (PII), such as social security numbers. Review old files and folders and securely dispose of information no longer needed or archive that which should be saved. In the coming months the Information Security Group (ISG) will introduce an initiative to help locate and root out such data. A self-scanning tool will become available to members of the Brown community to aid in identifying and better managing their PII.
When in doubt, leave it out
Besides managing old files, it will save time and future headaches to store only the information needed to perform your Brown or personal business. Keep this adage in mind hen dealing with electronic or paper files to help protect yourself and Brown.
If you collect it, you must protect it
When PII must be available in some form, be a good steward and protect it. Review this website, which contains a wealth of information on how to secure PII in various forms and locations. Elsewhere in this section is information on securely storing data as well as sending and sharing it. The Secure Your Devices section has tips on dealing with malware, keeping your operating system and software current, backing up devices, safe remote access and physical security. Visit Guard Your Privacy to learn more on how to protect your privacy, phishing and strong passwords.
It's not secUre without U!
No matter how strong Brown's technical defenses may be, each individual is the critical link in providing a secure computing environment. Firewalls may be thick and strong but are no match for someone who gives away a password or allows their networked computer to be compromised by clicking on a bogus link or not keeping their anti-virus up-to-date. Tip: Read about how to spot the phish and malware menaces.
Have a plan
Whether you manage only your own information and computer, or an entire department's computing environment, it pays to plan ahead. Set a regular schedule for back ups, weeding out unneeded data, updating your software to the latest version and knowing who to contact in the event of a security incident.
Refer to the "Checklist for Protecting Information" for recommendations on securely handling information, whether communicated orally, via email or online, stored on paper or electronically, transmitted via mobile devices, etc., as well as the document Information to Comply with the Policy on the Handling of Brown Restricted Information.