Network Security
Secure Computer Use Is Your Responsibility
While your department may have staff who provide computer setup and assistance, ultimately you are responsible for taking care of your computer and guarding the information it holds. Following security guidelines and good business practices is part of your job duties. The vast majority of computer breaches that we have investigated over the past few years have been the result of weak computer practices, less-than-satisfactory data-handling procedures, or poor personal choices. It is the responsibility of everyone who uses a computer at work to protect NYMC data. The data on your computer is college property that has been placed in your care. Much of the data we work with is sensitive, such as Social Security numbers, payroll information, grades, and more. However, all college data needs to be protected, whether it is considered sensitive or not.
Consequences of Not Practicing Secure Computing
Keeping your computer secure takes vastly less time than recovering from a security problem. If your computer is compromised, you will likely lose access to it for at least a few hours, possibly days. You may also lose any work you did since your computer was last backed up. If the security problem put sensitive data at risk, or if your computer is lost or stolen, the effects can be far-reaching:
- You may be held accountable for any negligent action, or inaction, that led to the incident.
- The college may suffer financial loss as well as loss of reputation.
- The individuals whose data is compromised could potentially also suffer financial loss, identity theft, and unwanted public exposure of private information.
Recovering from a computer compromise or loss of sensitive data, large or small, can take people many hours and, as a result, is an expensive activity.
Consequences of Mishandling Sensitive Data
Mishandling sensitive data can lead to NYMC suffering financial loss or loss of reputation. The possible loss of certain types of data requires NYMC to report the event to government agencies and inform possibly affected individuals. If there is even a possibility of data loss, responding can easily consume hundreds of hours and is, as a result, an expensive activity. It can also involve many people from both within your department and elsewhere around campus and, consequently, can significantly disrupt college business. Many universities, even NYMC, have experienced the repercussions of losing sensitive data, including:
- Regulatory fines
- Loss of funding from government agencies
- Lawsuits
- Loss of donations and gifts
- Loss of reputation
What Happens When Data Is Exposed
What happens when NYMC data may have been exposed to an intruder or malicious software? If an intruder has gained access to a computer used at NYMC that contains sensitive data, the IT Security Office will lead an investigation of the incident.
- The computer’s hard drive will be copied for analysis.
- Information on the computer’s hard drive and other data, such as network traffic history, are analyzed to determine whether sensitive data may have been exposed.
- The College’s response to the incident is determined by a team whose members include:
  - Vice President for Information Technologies (chairs the group)
  - IT Policy Office
  - IT Security Office
  - Audit Office
  - College Counsel
  - NYMC Security
  - College Communications
  - Risk Management
- Officers meet to review the incident and determine how the college should respond to it. If there is a reasonable likelihood that sensitive data could have been accessed in an unauthorized fashion, Officers determine which potentially affected parties need to be notified. The Officers also consider what actions are needed to avoid similar incidents in the future.