Cyber Security for all
Cyber security is all of our responsibility
Identify physical risk around you?
We should all be aware of data around us and the security of that data. All PVAMU faculty, staff and students play a very important role in protecting our systems and in the protection of our data. Whether you are in the board room or the break room there are some steps that you can take to protect yourself. Ensure that all drawers containing sensitive information is locked before your leave your workspace. Complete a visual inspection of your work area to see if there is any information lying around that could be used to compromise you or the university. Always remove and secure your jump drive and removable disk if you have a shared workspace or if you must leave your room unintended. If you are traveling it is also a good idea to secure all your devices and encrypt them if possible. Stolen devices that are not encrypted easily have their data accessed even if the cyber thief does not know your password. DO NOT KEEP PASSWORDS in your work space.
Can you identify the different types of Data?
PVAMU follows the Texas A&M University Data classification policy. Knowing the type of data that you are working with is very important as it will impact how you work with the data or store the data. PII, PCI, FERPA or HIPAA data should never be emailed unless it is encrypted; this can include W9’s, insurance information, confidential release forms, credit card information, etc. If you have any questions on the type of data that you have please feel free to contact us.
Who has access to your Data?
Do not share passwords – TAC 202 requires that all systems be audited for user access. If you allow other users to use your account or share your password, you will be held responsible for their actions DO NOT SHARE YOUR PASSWORDS.
Access Review – When users leave the organization, the clearance process will often remove user access from the system, but regular employee’s access reviews should be completed for all shared drives and systems every 150 days. It is not unusual for users to change roles or change departments; however, unless notified by the data custodian, the user’s access to those previous systems associated with their old responsibilities will remain the same. It is the job of the data custodian/ manager to request that the employee’s access be removed from all systems. This also includes third party systems such as government agencies, vendors, etc.
Remember, users should only be given access to systems and data that is required for them to complete their job duties.
Accessing public Wi-Fi
When traveling, it is a good idea to physically secure all your devices and ensure that they are encrypted. Encrypting your devices will ensure that if the devise is lost or stolen, no one will be able to access your data. If you are traveling and you must work on the road, always use VPN access to secure your data. Many public Wi-Fi sites are susceptible to being breached by third parties that will try to access your data using various attack methods. Be sure to always keep your computer operating system, antivirus and anti-malware up to date.
What does the world know about you?
Protect the data that you post about yourself, privacy increases security. Attackers will often search social media to learn as much about you as they can. Once they have gathered enough information they will then begin their attacks. It is quite common for users to use their birth date, pet’s names or their maiden names in their passwords or security questions. An attacker can often pull this data from social media. You should also be very mindful about what you post about your job. Often times attackers can use this information in attacks against PVAMU.