What are universities doing to reduce the risk of Information Theft?

Shawnee State University:

1. Employee Education  University employees are being educated about the importance of information security.  UIS is launching its own Security Awareness Education Campaign, "Be Informed, Be Aware, Be Responsible About Information Security" in which employees are made aware of the need for security awareness in their daily routines.  In addition, the University is participating in the Federal Trade Commission's educational program on Identity Theft entitled "Deter, Detect, Defend; Avoid ID Theft" which educates individuals about how to avoid personal identity theft.  Employees are also educated on and expected to abide by the UTAC approved "Conditions for Information Security and Best Practices". 

UIS is conducting information sessions with campus departments to discuss this web site and what it means to each employee. Employees and departments may watch this video at their own convenience to understand what steps you can take to protect the date you use each day. Click here to view the video.

2. Avoiding the use of Social Security Number as an identifier  Shawnee State University has nearly eliminated the use of the Social Security number as an identifier for students and employees.  By using identifiers such as the CARS ID in its place, the risk has been greatly reduced.  University departments are continuing to identify any remaining areas where this can be eliminated.  

3. Reducing the use of identifier information on printed items  Printed items such as receipts or payroll related items are being modified so that, where possible, identifier information such as bank account number, credit card numbers, etc are not displayed.  University departments are continuing to identify any remaining areas where this can be eliminated.  

4. Confidential or officially protected data must be stored on UIS protected servers only  Any and all files, including databases, spreadsheets, word processing documents, and reports with confidential or officially protected data must reside on UIS managed secure servers.  This means that files with confidential data cannot be stored on local workstations, shared on local drives, or saved to any portable media.  In addition, these files may not be transmitted by email without a secure connection. University Departments are continuing to identify if they have  any such data which is not currently stored on a UIS protected server and with the assistance of UIS it will be relocated to an appropriate and secure location. 

5. Prohibiting the use of confidential information on mobile devices  Mobile Devices, including but not limited to, laptops, email, disks, CDs, DVDs, USB Drives, iPods, PDAs, and pocketPCs should never be used to store, back-up, or transfer confidential or identifiable data.  UIS will work with each department individually to help identify and determine if they have a need for shared secure server space or proper secure back-ups. 

6. SSU Policies and Guidelines Shawnee State University employs several board approved policies as well as Conditions for Information Security and Best Practices that have been approved by the University Technology Advisory Committee (UTAC) as a means of regulating the use of data and information on campus.

7. Incident Response  Individuals suspecting a data loss or theft incident must complete the Confidential Information-Data Loss or Breach of Security Incident Report.  The submission of this form will initiate the university's response as a part of the larger Emergency Response Plan for Information Security. 

Individuals are required to know and comply with UTAC's approved Conditions for Information Security and Best Practices. Failure to comply with these practices may result in loss of computing privileges and/or disciplinary action.

Users connecting to the Shawnee State University Network agree to abide by Shawnee State University’s Network and Computer Policy 5.30. This Board of Trustees approved Policy governs access to all University computing facilities and network resources.

Other Universities' Efforts:

Shawnee State University is working to create an environment that balances security with accessibility.  The efforts we are making are in line with the activities of other Ohio public institutions.  The following links show the current efforts of these institutions.

Bowling Green State University http://www.bgsu.edu/its/security/index.html

*Miami University http://www.units.muohio.edu/mcs/information_security/index.shtml

*The University of Toledo http://www.eitnetwork.utoledo.edu/security.asp

Ohio University http://technology.ohio.edu/about/#security

The Ohio State University http://cio.osu.edu/buckeyesecure/

For a list of all Ohio Inter-University Council member schools visit http://www.iuc-ohio.org/

*Thank you to Miami University’s Security Office and The University of Toledo for sharing their Information Security Awareness efforts and practices.