In the course of doing business, University employees may need to collect, store, process and transmit data that REQUIRES protection from unauthorized exposure. Some of this data includes, but is not limited to:
- Social Security Numbers
- Drivers License Numbers
- Personally Identifiable Financial Information
- Personally Identifiable Health Information
- Credit Card Numbers
- Student Education Records
- Data prohibited from disclosure by contract or license agreement
- Human Subject Research data that identifies individuals
In order to protect this data from unauthorized exposure, University employees should follow the steps, tips and recommendations listed on this page. If you have any questions on how to accomplish these items, please contact the Information Security Office.
Data Protection @ BGSU
Data Destruction & Recycling Service Address Change Email Confirmation
BGSU provides PGP encryption technology to safeguard protected information and increase privacy. Featured security benefits include:
- Whole disk encryption for protection of University office systems and laptops
- Virtual disk that provides encryption protection similar to removable disk drive
- Ability to securely erase protected information after usage
- Available for Windows and Mac computer systems
Contact the Technology Support Center at (419)372-0999 to schedule installation.
System Administration Best Practices
Data Protection Resources
Web browsers are one of the most used applications by computer users and provide the ability to browse the Internet, research topics and access information from remote locations. Over-time web browsers have increased in sophistication and complexity by integrating with additional third party applications.
Unfortunately this complexity has increased security risks regarding web browsers. Many of these third party applications and technologies have vulnerabilities (weaknesses) that are discovered and exploited by attackers to gain access to computer systems.
An example of a popular third party application is Adobe Acrobat Reader. It remains under constant attack due its presence on 98% of all computers. (Infosecurity.com 5/27/10)
Disabling all third party applications and technologies would also prove to be difficult because this may decrease the usability of the web browser for legitimate work related tasks. What is required is increased attention regarding available technologies and learn to configure them to fit your needs without compromising security.
The following tips provide a starting point to help keep your web browser secure:
- Avoid visiting un-trusted web sites. Additional tools such as WOT can be helpful.
- Keep operating system software and virus protection software updated
- Install web browser security updates when released
- Avoid installing any third party web software unless required for work related purposes.
- Learn to use available security features for web browsing software
Identify data under your control
Places to look: desktop hard drive, laptop, file servers, web servers, PDA’s, cell phones, and storage media. These include disks, flash drives & USB keys, CD’s & DVD’s, and paper documents.
Inventory what is stored
Look for sensitive information such as Social Security Numbers, financial information (such as credit card numbers,) student identification numbers, driver’s license numbers, medical or geographically identifiable information.
Decide if you need to store & process this information
For example, is it really necessary to store Social Security numbers or can they be accessed elsewhere? If SSN’s are necessary, can you redact these numbers to only show the last 4 digits?
Dispose all Social Security & credit card numbers, access codes, driver’s license numbers, bank account numbers that you ABSOLUTELY cannot do business without storing yourself. Look for ways to access secure data resources that contain the information you need to complete the necessary purpose.
Once data has been identified for disposal, use secure disposal technologies. For examples: shred sensitive paper documents, securely wipe hard drives and flash drives, and destroy storage media containing sensitive information that is no longer needed.
Use encryptions technologies to encrypt sensitive data on hard drives and USB keys. PGP is the supported encryption technology at BGSU.
Stop and Think
When you come across Social Security numbers, credit card numbers, bank account or financial information, driver’s license numbers or other sensitive information, ask these questions:
Why do I have this data?
Is the data absolutely necessary a business requirement?
If absolutely necessary, handle confidential data securely, appropriately and double-check addresses and phone numbers before securely transmitting or transporting.
If not absolutely necessary, DISPOSE of securely. If confidential information was sent to you and it is not necessary; contact sender immediately. Tell them to stop sending confidential information to you!