Tips of Security

By: InfoSecurityLab

Protecting private information

Information is the lifeblood of most, if not all, modern organisations, so protecting (this) information against unauthorised disclosure, modification or erasure is a basic requirement of management. Executives and staff in all organisations rely on the timeliness and accuracy of information in order to operate in the most efficient and effective manner. Increasingly, with advances in technology, there is the danger that this information may be unavailable or may be corrupted, either accidentally or deliberately. There are frequent reports of computer hacking (unauthorised access to computers), viruses and other disasters that can affect information such as fires, power failures or simple human error.

What Is Sensitive Information

Sensitive information can be many different kind of information, like:

* Name, address, phone number

* Date of birth

* Social Security Number (SSN)

* Credit card numbers

* Driver's license number (DL)

* Banking and financial information

* Medical information

* Employment/education information

* Patient, Student and Faculty records

* Grades

* Intellectual property (your creation)

* Proprietary information (unique data)

* Trade secrets (Coke)

* Passwords and access codes

Protecting Information In Your Office Area

A few basic steps to secure information in your office:

* Documents that include sensitive information need to be secured during printing, transmission, storage, and disposal.

* Don't leave paper documents containing sensitive information unattended. Credit card slips or paper checks should not be sent through intercampus mail.

* Be aware of the potential of others to overhear sensitive information. Don't discuss confidential information outside of the office.

* Verify identities of all visitors and escort them; verify identities of those requesting sensitive information.

* Lock your office, desks, and file drawers when unattended. Don't store keys in easily accessible areas.

Protecting Your Computer And Its Information

Simple steps to protect your computer and its information:

* Lock down PCs, laptops, PDAs, flat panel displays, printers, and other high-value items.

* Avoid allowing strangers or visitors to use your computer. Be aware of who can see your screen, especially when viewing sensitive information.

* Create strong passwords or pass-phrases. Use a combination of letters and numbers, and don't use dictionary words.

* Change your passwords when prompted by the system and never share them or write them down.

* Avoid discussing confidential information, accepting downloads or authorizing transactions or payments on IM, IRC or other chat programs.

* Privacy and confidentiality of email messages is not guaranteed. Information can be opened or read by someone other than the intended recipient. Exercise caution in using email to communicate confidential or sensitive information.

* Use only approved and necessary software applications.

* Make sure anti-virus software is installed on every computer you use.

* Make a backup copy (to a removable disk or flash drive) of your most important files and store the backup in a safe place, preferably in a different location. Backup your files at least on a weekly basis.

* Delete files you no longer need.

* Don't accept unsolicited downloads.

* Don't use P2P or file-sharing systems.

* Log off when not using your computer or at least use a screen saver that requires a password.

* Turn your computer off when leaving for the night.

* Follow all LTS and University IT policies and procedures regarding information technology security. Immediately advise an LTS supervisor of any suspicious activity on University computers.

Protecting Your Trash Can

Also be careful with your Trash can:

* Avoid careless disposal. Shred any discarded materials containing sensitive or confidential information.

* If you find sensitive information carelessly discarded in a public place, notify your manager.

Protecting Your Privacy

Never give out personally-identifying information unless you know:

* Who is receiving the information

* Why the information is needed

* What specific elements of information are needed

* How the information will be used, and by whom

* With whom the information will be shared

* How the information will be protected

Article source: InfoSecurityLab


» More on Security