These general precautions benefit everyone, but they are particularly important if you work with confidential data or other sensitive information.
- Keep what you view on your computer screen private. Consider whether someone could walk into your workspace and see sensitive data on your screen. Take steps to prevent this, such as turning your monitor or using a privacy screen.
- Keep your equipment safe. One of the most common ways data is lost is via stolen hardware. Don’t give someone an opportunity to walk off with equipment where you keep sensitive data, such as your computer, mobile, or portable storage devices. Sensitive data stored on devices you take out of your workspace is at particular risk. Steps to prevent hardware theft include locking your computer down and storing small devices out of view, preferably in locked drawers, when they aren’t in use.
- Keep security in mind whenever you work off campus. Review the Working Off Campus section of this web site to learn why you should use the Cornell Virtual Private Network, the importance of setting up a secure home wireless network, and why you should be extra careful when using kiosk computers.
- Find out what backup solutions your department recommends, and keep data backed up. Regular backups not only protect you against losing all your work, but if your computer is lost or stolen, having the backed-up data at hand makes it possible to determine what sensitive data may be at risk.
Do-it-yourself backup solutions pose risks. For example, data may be backed up on an irregular basis, or confidential data may be put at risk by being stored on external hard drives that are easy to steal. For this reason, do-it-yourself backup solutions are discouraged. Use a backup service that guarantees data is backed up regularly and stored securely. Contact your department’s technical support staff for recommendations.
Specific requirements for confidential data
- Encrypt any passwords stored on your computer that access confidential data.
- Keep confidential data stored only as long as is necessary to complete the work for which it is intended. That applies whether the confidential data is stored on your computer or a departmental file server.
- Always transmit confidential data securely.
  - You must not send confidential data in an email, whether in the body of the message or in an attachment, unless the data is encrypted. While Microsoft Office 2007 includes a facility for appropriately strong encryption of documents, the password-protection feature found in older versions of Word and Excel is not sufficient. Similar facilities in other applications may or may not fulfill this requirement.
  - You must not send confidential data in an IM (instant message) or a text message.
  - The Cornell Dropbox is a good approach for exchanging sensitive data with others at Cornell. See dropbox.cornell.edu.
- Always store confidential data securely.
  - Confidential data should only be stored on a file server if it is in a folder that can only be accessed by people authorized to see it.
  - Confidential data must not be stored on a server that is also used to host a web site open to the public.
  - Backups of confidential data are always subject to the same restrictions as the original data.
See Additional Requirements for Computers Storing Confidential Data for more information.
"What should I do with my old computer when it’s time to throw it out?"
When you retire hardware, be it your old computer, thumb drive, or a stack of CDs, it is necessary to take steps to sanitize and dispose of data appropriately, so it cannot accidentally fall into malicious hands. If your computer or other media stores confidential data, make sure to give it to your department's technical support staff for proper disposal.