|
We wanted to update the campus about some recent and soon-to-be implemented changes related to information security. These changes are meant to enhance the protections we have on our systems and services, and to better protect the data that the college is entrusted with by our students, faculty, staff, alumni, and donors. This is not a comprehensive list, but is a highlight of the some of these changes.
Identity Finder
We are now using an application called Identity Finder on the office PCs of areas most commonly dealing with sensitive data. The application will find sensitive data (such as Social Security Numbers, or credit card numbers) stored on the local machine or the network drives (F/G/H). Once we find such data, we can work with the offices to reduce risk by either:
- Delete the sensitive data, if it is old data that is no longer needed
- Or adjust internal IT systems (so that such data isn’t exported along with less sensitive data)
- Implement security controls to protect the data so that it can be used but is less at risk of compromise
IT is working with Internal Controls on this application.
Login Message on Office PCs
Starting June 1st you’ll see a difference when you login to your college owned office PC or laptop. There will be a login banner displayed with message regarding technology policy. This is meant as a reminder that college owned computers are primarily for business use. This periodic reminder will hopefully raise awareness of these policies.
Note: For now this will only be on Windows systems but will apply to Apple systems at a later date.
Annual Security Awareness Training
SUNY New Paltz will be restarting our online information security training soon. We will be using the same application as last year, “SANS Securing the Human”, though much of the content is updated. Information Security Awareness. As of September of last year, the SUNY Board of Trustees has added such training as a mandate for all of SUNY. We will again be requiring anyone with sensitive data access to complete the training, along with any faculty or staff who have started since working here since last August.
This training covers many of the common online risks and is useful to help you keep not only the college’s data and system’s safe – but to stay safer online in your personal computer and Internet use.
Other Updates and Changes
If you've been reading/watching the news, you've probably been hearing about some of the latest cybercrime issues (fraudulent Google Docs phsihing messages, and the newest Ransomware). Rest assured that Information Technology Services is always working to try to protect the campus from these kinds of issues. We can only do so with your assistance and vigilance. Thanks as always to those who are reporting potential security issues such as phishing emails to us, and being cautious about what you click online. Your caution helps keep the data the college is entrusted with (by our students, faculty, staff, alumni, and donors) safe!
|