Information Security Policy
Miles College Office of Information Technology has security policies in place for safeguarding data and information in its workstations, servers, mobile computing devices, storage devices, network, and communication devices. These policies also ensure that there is no theft of sensitive data, exposure of critical information, and theft or damage to the College’s devices. Any use of Miles College information technology systems contrary to this policy may lead to a withdrawal of access.
Miles College Office of Information Technology staff regularly assess unauthorized use of network; risk to network security; unauthorized access to information; unauthorized request for information; and third-party unauthorized transfer of information; systems corruption; a breach of integrity. In addition, these risk assessments are done to ensure the protection of our student information. Risk assessments are conducted consistent with system criticality and are performed by IT staff on a yearly basis. Cybersecurity tests are performed annually and network penetration is tested twice a year to identify breaches in security.
- Never disclose your password to others, in person, either by phone, or by email.
- Never leave your password at the default. Change it immediately.
- Make your password eight or more characters.
- Use a combination of upper and lower case letters, numbers, and special characters like @!&[*
- Never use all number or all letters.
- Never use personal information that someone could easily guess or discover your pet or hometown, etc.
- Never use any word found in a dictionary or the name of a sports team.
- If you must write down your password, keep it in a locked location.
- Change your password frequently, at least every 90 days.
- Miles College IT staff will never ask for your password via email or telephone.
- When you leave your desk, log off or lock your workstation with Ctrl+Alt+Delete or Windows Key + L
- At the end of day, logoff.
- Do not download or install a screen saver to your workstation, choose a pre-installed screen saver.
- Do not install software-commercial, shareware, or freeware-borrowed or purchased from another user.
- Use of peer-to-peer applications to share copyrighted materials, such as music or movies, is a direct violation of copyright laws. Do not do it!
- Your laptop is an easy access for identify theft. Protect it like your purse or wallet.
- When traveling, lock your laptop in the trunk of your car.
- Password protect or encrypt any sensitive information stored on the laptop.
- When you are away, lock it in a drawer, overhead bin, cabinet, or office.
- Never leave your laptop unattended in a public place, even for “just a minute”
- Never check your laptop as luggage when your travel.
- Never leave your laptop in a car in plain view on the sear or the floor.
- Never leave your laptop in a car overnight.
- Never user your business card as a luggage tag to identify your laptop case.
- Encrypt your hard drive if it is possible to do so.
Spyware is used by the advertising industry and by hackers. Spyware and Adware are software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites or monitor web sites you visit. Extremely invasive versions of spyware may track exactly what keys you type to steal username and password information.
- An anti-spyware/anti-virus package is installed to fight spyware and other malicious software.
- Other tips to fight malicious software: do not click on links with pop-up windows, choose “no” when you are asked unexpected questions, be wary of free, downloadable software, and never follow email links.
- If you believe you have spyware on your system, please contact your department’s IT personnel for assistance in having it removed.
- The minimum password length is set to four digits.
- To create a strong voicemail password, use five or more digits.
- Do not set your password to the same as your phone extension or employee number.
Viruses, Worms and Trojans, Malware
Viruses are computer programs designed to cause trouble to your computer. Worms are programs that replicate themselves and look for holes in networks or send themselves via email to infect as many other computers as they can. Trojans are programs that carry hidden, malicious programs.
- Fight malicious software by installing an anti-spyware/anti-virus package.
- Do not open email files from anyone you do not know.
- Do not open email attachments containing executable or movie files.
- Some files extensions to avoid include: .EXE .COM .CMD .PIF .SCR .VBS .WMF .ASF
Emails and Spam
- Always password protect your email account.
- Do not use your personal email account to send or receive sensitive information (credit card numbers, bank account information, SSNs, etc.)
- Do not send or forward email messages such as chain letters, jokes, and messages containing lewd, harassing, or offensive information.
- Be wary of unsolicited attachments, even from people you know. Viruses travel incognito, using legitimate email addresses to trick their way into users’ machines.
- Do not click a link in an email. Even if the link says one thing, it may send you somewhere else.
- Report other email abuses by calling 205.929.1498.
Phone / PDA / Mobiles Device Security Tips
- Set a password or PIN on your phone to prevent unauthorized use and make it more difficult to hack if stolen or lost.
- If your phone has Bluetooth functions, disable them until they are needed, and then set visibility settings to “hidden” so your device cannot be scanned for other Bluetooth devices.
- Limit the amount of sensitive or personal information, such as passwords and account information, stored on your mobile device.
- Consider purchasing anti-virus software for your phone, and make sure it is frequently updated.
- Download ring tones, games, and other personalized content only from trusted, regulated sites.
- Treat mobile devices as you would your wallet, keys or laptop. Do not leave them in plain sight and keep them close to you at all times.
- USB Drives / Thumb Drives / Jump Drives and other Mass Storage Devices
These drives are a very convenient and commonly used method to hold personal files and schoolwork. Unfortunately, the small physical size of these devices makes them easy to lose or to steal.
- If you use a mass storage device to store any important or sensitive data-class work, research data, personal files, etc.-make sure that the data is protected.
- Many modern mass storage devices come with a security utility that can encrypt sensitive files.
- If you do not have encryption on your mass storage devise, do not keep sensitive information on it.
Response to Incident
Miles College Office of Information Technology necessitates notification of incidents of unauthorized usage, access, and activity.
External Vendors (Formal Process will be Implemented in October 2018)
External vendors providing service to Miles College and those who have access to data information have to maintain the integrity of that data and information and safeguard it against security leaks. Other College units using external vendors for technology needs will forward the contracts to Office of Information Technology for review of the contracts.
Miles College Office of Information Technology offers a wide variety of services. These include:
- Training and education when requested.
- Tips on fighting spam & identity theft, protecting your laptop and more.
If you suspect that you have been a victim of a computer crime or abuse while at Miles College, please report the incident by calling the IT help desk 205.929.1498. Give as much details as possible: Who, What, When, and Where.
Questions on the above policy can be sent to firstname.lastname@example.org or call 205.929.1498.
Last Updated: May 2018