As an instructor, you handle confidential and sensitive data such as student records, grades, accessibility and disability information, and exams. You also have access to McMaster systems like Mosaic, email, Wi-Fi, classroom computers and computer labs. The Information Security Policy helps you understand how to protect and safely access that information and those systems.
As an instructor, you have access to a lot of confidential and sensitive information, especially when it comes to your students. You are responsible for making sure that the information your students share with you is treated with respect and care.
You do this by following the Information Security Policy, and using the standards and guidelines wherever you can. This means your password is strong, safe, and not shared, and that your computers and mobile devices are protected by antivirus. This also means that you don’t send student data in emails without encrypting it, and you don’t let any other people access the information that you store on your computers, devices, USB keys, and other places.
As an instructor, you handle private information that is important to your students, so you need to be careful, but it can be hard to understand how careful you should be with different types of information. The Information Classification Matrix is an excellent tool that provides guidance help instructors understand the major part of the Information Security Policy, and it’s an excellent tool to help you handle sensitive information safely.
IT Security Hygiene
IT Security Hygiene is the protection and maintenance of the computing devices that we use to access information, such as personal laptops, mobile devices, and desktop or virtual computers used within labs. Maintaining good IT Security Hygiene includes simple steps such as:
- Install a trusted antivirus program, and run periodic scans of all files on your computer;
- Install browser based security extensions or add-ons;
- Install security updates and software patches in a timely manner;
- Turn on your computer’s personal firewall;
- Separate your computer’s administrator privilege from its day to day use;
- Use only strong passwords;
- Uninstall software that isn’t being used.
The Information Security Policy requires that every member of the McMaster community take responsibility for the computer they use to access McMaster resources. The Client Computing Devices Security Standard (draft) provides specific guidance on security requirements for laptops, desktops, tablets, and mobile devices.
Reporting an Incident
How we react when something goes wrong is critically important when dealing with information security. The Information Security Policy requires all members of the McMaster community to report known or suspected IT Security and Privacy Incidents to the appropriate authorities.
Take the time to learn how to identify Information Security and Privacy incidents, and how to report them. Watch for IT Security alerts and notifications sent via email, or posted to the @McMaster_ITSec twitter feed and the McMaster IT Security Facebook page. Reporting incidents is not embarrassing or cause for punitive action; reporting incidents fully and quickly is a helpful, positive act that helps keeps our information safe.