Archives For data privacy

Data Privacy Day 2015 Recap

John Knights —  January 30, 2015

In case you missed any of the tips, discussions, or useful resources throughout the Data Privacy Day events this month, we have consolidated a few of the key links below:

Data Privacy Day may be over, but we are going to continue along with EDUCAUSE in celebrating Data Privacy Month! Follow us on Twitter (@InfoSec_WIT), on the web (WIT Information Security Site), and our blog (Information Security Blog).

 

DPD_banner-468x60

Data Privacy Day (DPD) is observed on January 28th. Data Privacy Day is focused on, well data privacy of course. Officially recognized in the United States and Canada since 2008 as Data Privacy Day, today commemorates the first international treaty dealing with data privacy and protection. As we were last year, we are proud to join the National Cyber Security Alliance as a Data Privacy Day Champion and will be participating in the various discussions taking place over the new few weeks.

Want to get involved with Data Privacy Day, check out how at StaySafeOnline.org at http://www.staysafeonline.org/data-privacy-day/get-involved/.

Also, join in on the weekly Twitter chat series (@DataPrivacyDay), each Wednesday at 3pm by following #ChatDPD. More information available at http://www.staysafeonline.org/data-privacy-day/events/.

In addition to Data Privacy Day, EDUCAUSE will be observing Data Privacy Month from January 28th through February 28th. Join us and be a Data Privacy Champion!

There are various ways to stay connected with us:

DPD-Champion

 

Data Privacy Month Wrap-up

John Knights —  February 28, 2014

Throughout Data Privacy Month we have covered a few important areas to help you better protect your privacy and information online. As the month comes to a close, remember to implement the tips you’ve learned and guard your information year round. Protecting yourself from phishing and other types of social engineering relies only on your vigilance. Always be on the lookout for suspicious communication requesting information, especially when there are spelling errors, mysterious links, or when something just doesn’t look or sound right to you. Ensure that trusted websites are the official versions and not just impersonations before you submit personal information. If you are suspicious of a website, link, or any form of communication, you can report it to Information Security.  To better prepare you for phishing attacks check out our Phishing page and report any potential spam or phishing emails to SPAM@wit.edu.

If you still haven’t, check your privacy settings on social networks and ensure your personal data that you do not want made available to the public is hidden. You can prevent your pictures from being stolen and used for advertising without your permission and stop future employers from scrutinizing your profile during the hiring process. Secure your account and help prevent hacking by choosing a more complex password. Don’t be convinced by scams that seem too good to be true and remember that the best thing to do is not click if you aren’t confident about the link.  For more on staying safe on social networks check out the last Information Security blog.

If you are using a public Wi-Fi hotspots, make sure that your sharing settings are off to ensure that you are not broadcasting your computer to others on the same network. Remember, if you need to check your bank account on a mobile device, use a 3G or 4G connection whenever possible as it is more secure. If you are on a laptop, connect using a Virtual Private Network (VPN) service to create a secure connection, which will then secure your information. (For Wentworth employees that require VPN access to the campus network when working remotely, please email our Information Security Office to find out more.) Always be cautious when in a public space, even when connecting to “secured” or encrypted Wi-Fi hotspots as they may not employ the most up-to-date settings or security. At Wentworth, our LeopardSecure Wi-Fi network utilizes strong encryption, so you can be sure that your communications are secure.  To learn more about Public Wi-Fi read the Information Security blog about it.

If everyone does their part in protecting sensitive information and following safe practices when online, all benefit. Not only are you safeguarding your information when following these practices, you are also protecting your families, friends, and colleagues. For the latest news, advisories and alerts, follow Wentworth’s Information Security Office on Twitter at @InfoSec_WIT and on the web at www.wit.edu/dts/security.

Phishing is a type of cyber attack that utilizes social engineering in an attempt to steal your identity by obtaining your personal information. By impersonating a person or company you trust, the scammer tries to receive your passwords, credit card numbers, account numbers, birthdate, or other information. Phishing can also be conducted via e-mail, websites, telephone, or even postal mail.  The point is to exploit you without you knowing and with your help. Knowing how to protect yourself by learning how to spot phishing attempts can protect you against having you identity stolen.

Protecting yourself from this type of cyber-attack relies only on your vigilance online. Always be on the lookout for odd letters or emails requesting information, especially when there are spelling errors or mysterious links. Often a phishing email will pose as one company but the link inside goes to a completely different obscure website. Ensure that trusted websites are the official versions and not just impersonations before you submit personal information. If you are suspicious of a website, link, or any form of communication, you can report it to Information Security by forwarding the email to spam@wit.edu or abuse@wit.edu.

The Wentworth Information Security Office also provides more on how to better prepare you for phishing attacks at our phishing information page.

What better place to catch unsuspecting people who are bored and want to go online than the airport? Next time you’re flying be cautious of the wireless network you choose to join on you mobile device because it could easily be an ad hoc network (phone to phone connection) or another trap set by a hacker. Often times a hacker will intercept information over an unsecured Wi-Fi network and acquire people’s passwords to social media or worst yet, their credentials used to access their bank account online. Think of unprotected Wi-Fi like a mailing a letter in a transparent envelope and placing it in an unsecure mailbox, you have to leave the information in it and wait for the mail carrier (website) to pick it up. If a hacker gets to the information before the website (mail carrier), he could view the contents and even tamper with it. The safest thing is to never input sensitive information on an unprotected Wi-Fi network.

If you need to check your bank account on a mobile device, use a 3G or 4G connection whenever possible as it is more secure. If you are on a laptop, connect using a Virtual Private Network, or VPN service to create a secure connection, which will then secure your information. (For Wentworth employees that require VPN access to the campus network when working remotely, please email our Information Security Office to find out more.), Always be cautious when in a public space, even when connecting to “secured” or encrypted WiFi hotspots as they may not employ the most up-to-date settings. At Wentworth, our LeopardSecure WiFi network utilizes strong encryption, so you can be sure that your communications are secure.

A few other things to consider when using public WiFi hotspots. First, make sure that your sharing settings are off. This will ensure that you are not broadcasting your computer to others on the same network, limiting your potential exposure. Secondly, be careful even when you’re on a secure Wi-Fi network when it comes to your personal information. Chrome’s Incognito and Mozilla’s Private Browsing modes will cover your tracks on your computer but they leave the data you share vulnerable. Many sites allow for secure connections using an encrypted channel to their web site, through HTTPS. The problem is that even though it is available, many sites use the unencrypted HTTP as a default to ensure connectivity. There is a tool that you can use with your browser named HTTPS Everywhere. HTTPS Everywhere is a browser plugin that solves this problem and secures your data. Stay encrypted while browsing by default on every website that allows it. This is available for Mozilla Firefox, Google Chrome, and Opera.

DPD_banner-468x60

 

 

 

Today is dedicated to a topic that has been on the news and a lot of our minds for the past year, data privacy. Officially recognized in the United States and Canada since 2008 as Data Privacy Day, today commemorates the first international treaty dealing with data privacy and protection. The Wentworth Information Security Office is proud to join the National Cyber Security Alliance as a Data Privacy Day Champion by launching a month long awareness effort to better inform and educate our community on data privacy and protection.

As we move forward over the next month, we will provide you with few stories, useful links, and a few tools to both better inform you on the main concerns of today and how to protect your data, as well as how to ensure we are all doing our part to protect and safeguard institutional data. Please join us on our blog site for these weekly articles and follow us on Twitter for up to the minute updates, announcements, and interesting reads.

DPD-Champion

National Cyber Security Awareness Month is in full swing and this week’s topic is about protecting data. Information security is all about protecting the privacy and availability of data. One of the main causes behind a compromise of data privacy is accidental disclosure. Members of Technology Services are continually working to improve the systems and tools used to protect the Institute’s data privacy and availability, but there are limitations to what can be done centrally. Review the following tips you can use to ensure that we all are working together to secure our sensitive data and protect the Institute against accidental disclosures.

TIP 1: KNOW WHAT DATA YOU HAVE. Before you can protect data, you need to know what you have that needs protecting. The Institute utilizes a tool called Identity Finder. This is a good tool that searches through all the files on your computer to identify potentially sensitive information based on the criteria you provide. For example, if you select it to search for social security numbers, it will search for all potential ways that it can be expressed (e.g., with or without dashes) and return the results to you. What is especially useful about this tool is that it can perform tasks on the files, such as shred (deletes the file in a secure manner) or quarantine (relocates files to a predetermined location for easier management), when they match the criteria you have set. For more information on Identity Finder and how to use it, please visit our Identity Finder resource page. For those that do not have it installed on their machines, please go to our Tool & Resources page for information on obtaining a free version.

TIP 2: DELETE WHAT YOU DON’T NEED. Once you determine what sensitive data you store locally, consider whether or not you really need to have it. If it is data that your department uses, then store it on your department’s shared drive. Of course set the permissions on the folder(s) to ensure only those that need the data can access the folder. Another route would be to utilize your P-drive. This stores the files on our trusted datacenter and is routinely backed up. For more information on these options, visit our page on connecting to network resources.

TIP 3: PROTECT WHAT YOU KEEP. Data protection can be accomplished by following computer security best practices for data protection. The basic three are:

  • Encrypt data that you plan to transport, including via email or on a mobile device such as an iPad;
  • Use strong passwords on all devices and ensure that they automatically lock after a short idling period;
  • Physically lock down your mobile devices, on and off campus.

This list is in no way complete, but it is a strong start. Collectively, they will help you keep the data you chose to store on your machine safe. For more information on these best practices and tools available to follow them, please contact infosecurity@wit.edu or visit our Tools & Resources page on the web.