ESCCOData Security

TrainingDavid Dixon

September 2014

What is data security?

• For our purposes data security simply means keeping information safely in your possession or in the hands of a trusted recipient

When do I need to think about it?

• You need to think about data security whenever you are accessing, saving, or emailing data

Are there legal requirements we have to follow?

“FERPA” Family Educational Rights and Privacy Act of 1974

“HIPAA” Health Insurance Portability and Accountability Act of 1996

Is this going to get really complicated?

• The technical aspects of this topic can be highly complex

• However, basic awareness and a few simple guidelines can make your data less vulnerable

RED FLAGS!

• Social Security Numbers• Student Disability Information• Student Test Scores• Purchasing Card Numbers• Discipline Data

Any information that you would not want to share publicly

Accessing Information

DOs• Create passwords including upper and lowercase letters, numbers, and

symbols when possible GOOD3xamp!e $h0CA$E

• Change passwords periodically• Use different passwords for each account

DON’Ts• Don’t access agency information from either a public computer or public

network (e.g. library or coffee shop) • Don’t share or store your usernames or passwords where others can

access them• The ESC will never contact you to confirm your user name and password

Accessing Information Continued

• Trouble remembering all those passwords?– If you cannot remember your passwords, then

consider using a password management tool

Saving Files

DOs• Only save sensitive files on your ESC issued

computer

DON’Ts• Don’t save sensitive files on a public computer,

home computer, or mobile device (e.g. library computer or cell phone)

• Don’t save sensitive files on a thumb drive/flash drive

Sending Files Securely

When To Encrypt• When in doubt, encrypt your email

attachments• Any time you send sensitive information to

a non-@escco.org email address encrypt it

• When practical, avoid sending sensitive information

Sending Files Continued

How To Encrypt• Encrypting files using Zip Mail is as easy

as typing a password when attaching a file• Only information within the attachment is

encrypted; the email message is not secure

• Do not include the password in the same email as the attachment

Tips for Mobile

DOs• Protect your laptop, phone, or tablet (iPad) with

a password• Store your mobile device in a safe (locked)

location• Check to make sure you only connect to

secure wireless networks (password required)• File a police report and contact your supervisor

and the Help Desk immediately if you believe your device has been stolen

Tips for Mobile Continued

DON’Ts• Don’t store your mobile device in your car• Don’t leave your mobile device unattended

in a public place such as a coffee shop or conference center

• Don’t connect your agency issued mobile device to unsecured wireless networks (no password required)

Online Behavior

• Do not share student or staff information over ListServs, discussion boards, or social media websites (e.g. facebook or twitter)

• Keep in mind that we all have a “digital footprint” documenting almost everything we do, say, and post online (or that someone else posts about us)

General Tips

1) Be wary of suspicious emails or text messages when in doubt, delete!

2) Never store agency information online (“on the cloud”) unless specifically directed to by the ESC

3) Never share personally identifiable information with someone who you don’t know and trust

4) Be sure to lock or logoff from computers and mobile devices when not in use

If you need assistance resetting passwords or encrypting files please contact the Technology Help Desk at help.desk@escco.org or 614.542.4159

THANK YOU!