Refresher: Data privacy at Miami University

Data privacy is becoming more of a household term. Businesses, government organizations, and private citizens alike bring attention to its importance through the observance of days like Data Privacy Day (Jan. 29) and Safer Internet Day (Feb. 6). In addition, Cybersecurity Awareness Month is celebrated each October.

In higher education, data privacy is an even bigger deal. Miami University takes how we collect, analyze, and secure student information seriously. And especially here in Information Technology, we do everything in our power to ensure the security of student, staff, and faculty personal information (PI).

One way data privacy is being addressed is via local, state, and federal legislation. Part of this equation is determining exactly how schools and their service providers gather, use, and protect student information. According to Educause contributor Amelia Vance, more than 120 state laws have been enacted over the last five years to try to strengthen the security of student data.

Let’s take a look at some ways Miami University faculty and staff can avoid becoming another statistic and keep their data safe:

1. Don’t fall for phishing scams

If it seems like “phishing” comes up often in tech circles, that’s because it remains one of the biggest ways cyber criminals gain access to information they shouldn’t. Between 2013 and 2016, more than $500 million was lost to phishing, according to Forbes.

The best way to combat the impact of phishing is education: It’s important to learn what these scams look like. Phishing emails are created to look like messages from people you know or trust; sometimes there aren’t any glaring red flags. But in general, phishing emails may have misspelled words, or come from an email domain that isn’t miamioh.edu. It’s also important to be mindful of email attachments. Ask yourself: Do you trust the sender? Is it a file you asked for?

If you receive what you suspect to be a phishing email, please alert the Information Security team.

2. Install two-factor authentication

Two-factor authentication adds a second layer of protection to websites that require logins. In general, two-factor authentication requires you to have:

Something you know (your password).
Something you have (a hardware security token or smartphone application that supplies randomly generated access codes).

At Miami, in order to access W-2 information, two-factor authentication is required. This helps to keep PI safe from prying eyes. According to Symantec, 80 percent of data breaches could be prevented with two-factor authentication. In fact, successful phishing attempts can be curtailed if email requires that second factor, because even if would-be hackers got your email password, they wouldn’t have access to the smartphone app or hardware device that you keep on your person.

3. Utilize a password manager

How do you remember your passwords? Do you keep a list of them on a sticky note attached to your desktop, or save them in a text file on your desktop? Here’s our advice: Quit doing these things immediately. Instead, use a password management tool like LastPass or KeePass.

Password management tools help users keep track of all their passwords. It’s like a locked bank vault with all of your passwords stored inside; all you have to do is create a strong security key to protect that vault. The tool will store all of your important codes and sites. This way, you only have to remember one password, instead of a hundred.

4. Encrypt data

Encryption is the process of converting information into code so that outside forces can’t read it. At Miami, mandatory university-owned laptop encryption was rolled out near the end of 2017.

It’s not a bad idea to encrypt personal machines, as well. Services like FileVault (Mac) and BitLocker (PC) are easy to use and come already loaded onto pre-built computers.

5. Automate software updates

Bugs in code can be exploited by hackers to gain access to critical information. A ready example of this is when the Heartbleed bug was made public in 2014 or, more recently, when the Meltdown and Spectre vulnerabilities made the media rounds.

When bugs are found, companies push updates to the impacted devices and programs. Enabling automatic software updates is the easiest way to ensure your machine picks up these changes and applies the new or improved security protocols.

6. Destroy unneeded or outdated documents

Another way to make sure information doesn’t fall into the wrong hands is to get rid of it. The age-old question of “when should I shred my files?” has been answered by Miami’s office of general counsel, which dictates, for instance, that documentation of general administrative activities should be kept for no longer than three years. See the full list of document types and mandatory shred-by dates.

Here’s where we come in. Every year, IT Services hosts ShredFest. This is an event where faculty and staff can bring their old files and have us eviscerate them beyond recognition. This year, ShredFest will take place on the Oxford campus May 17, and at the regionals May 21. For more information, please visit the ShredFest website and view our save the date.

Data privacy can be a scary subject, but it doesn’t have to be. Taking these steps to secure your information can be the difference between strong and weak security strategies.

As always, if you have any questions about information security and how Miami University combats security issues, get in touch with the InfoSec team!