Security Tips: Data Protection
Protecting the data you work with every day requires consistent awareness. You should never consider the data you access inconsequential or unimportant. It may seem that way to you, but to an attacker it may be the final piece of information needed to complete a puzzle.
If you deal with financial data (such as budget information, purchasing information, payroll information, etc.), records (such as student, staff or faculty records, admissions forms, registration information, etc.), statistical data (such as spreadsheets and databases that store trends, performance data or projections), documents (such as policy statements, legal documents, employment forms and disclosure documents), contracts and grants, student papers and exams or professional research, you need to be concerned about the safety and integrity of that data.
Although backups are an obvious part of the equation, the questions each user needs to ask are: "Who, that is not authorized to do so, might be able to access the data I am working with and how might they be able to access it?" Once these questions are asked, some standard procedures should become readily apparent.
- NEVER leave your computer without locking it, even for a few minutes.
- Use a password-protected screensaver if the OS doesn't have a built-in locking mechanism.
- Be aware of who is around your work area and what they might see.
- Don't keep sensitive data on your computer unless it has a more secure OS (NT or UNIX.)
- ALWAYS log out or lock your workstation when leaving the campus.
- Don't save passwords when prompted to. It may be tempting to do so, but if someone breaks into your machine, either physically or virtually, they will be able to access anything you need a password for without even knowing your password. Furthermore, the most frequently given reason for forgetting a password is that it was saved, and its owner forgot what it was.
If the data you work with is too valuable to lose (and what data isn't?), arrange to have it backed up. Often this can be done by simply copying the data to a Zip device, but you may want to find out if your department or school has already set up a backup program for important data. At times, you will need to request that the network engineers arrange for routine daily backups to ensure against permanent loss. NEVER forget to back up important documents! Imagine the amount of work that would be involved in recreating the data you've already entered.
All departments and schools at UT Dallas are required by the State Department of Information Resources (DIR) to back up all critical data and maintain copies of those backups at an off-campus site so UT Dallas can completely recover from a major disaster. UT Dallas Information Resources Department complies with this policy fully. All servers under the control of Information Resources are backed up incrementally every night and completely once a week, and copies of those backups are maintained in physical locations other than where the servers are located.