Cybersecurity Awareness: Protect PNPI
Editor's note: This the fourth in a series of articles in observance of National Cybersecurity Awareness Month.
3:17 p.m., Oct. 23, 2006--During October, National Cybersecurity Awareness Month, the University's Office of Information Technologies (IT) has been reminding the University community of the importance of following good computer security practices.
“Everyone should examine their computing practices and take appropriate steps to protect their computers and the information they have stored on those computers,” Susan Foster, vice president for IT, said. “This week's point of emphasis is particularly important: We're reminding people to follow the University's guidelines for securing personal, nonpublic information (PNPI) and other confidential information.”
“This week's video tip reminds people to encrypt any PNPI stored on their computers and reminds people to be suspicious of e-mail messages or web sites that ask for more personal information than seems reasonable,” Ron Nichols, manager in IT-User Services, said. All of the University's National Cybersecurity Awareness Month videos are available at [www.udel.edu/ncam].
“During the summer and fall of 2005, our staff visited every department and reminded them of the importance of safeguarding personal and confidential information,” Kate Webster, an information resource consultant in IT-User Services, said. “When our staff make office calls to help people, we still sometimes find unencrypted PNPI on a department's computers--not just an individual employee's information, but information about students, clients, faculty and other employees.”
According to Karl Hassler, associate director of IT-Network and Systems Services, PNPI includes things such as social security numbers, credit card or bank account information, medical or counseling records, grades and other educational records, and “any sensitive or protected data linked to people's names.”
“Perhaps the greatest threat to the security of PNPI and other confidential information is an unsecured, nonpassword-protected, or compromised computer with access to that kind of information,” Hassler said.
The University's guidelines for protecting PNPI are listed at [www.udel.edu/pnpi/guid.html].
In summary, the University requires that:
“Encryption and basic computer security--keeping anti-virus, anti-spyware, operating system, and all programs up-to-date--are the keys to securing electronic confidential information,” Webster said.
“Encrypting information with a program like AxCrypt jumbles the information so that only those people who have the key or password can see the information,” she added. “If you ever have to take confidential data off campus, it is essential that you encrypt the data. What if your computer is stolen or you leave the USB drive that contains the data on an airplane? Encrypting the information keeps it safe in cases like these.”
Foster concluded that, “All of the things we've been telling the University community this month require action. That is, University students and employees need to understand that keeping their computers and information safe requires everybody to take an active role.
“So, this week, we ask all students to handle their own confidential information carefully, and we remind all faculty and staff that it is each department's and each individual employee's responsibility to be sure that any PNPI is handled safely, transmitted securely and stored securely.”
For more information, visit:
IT-Help Center's Cybersecurity Awareness Calendar [www.udel.edu/security/october.html]
UD's Cybersecurity Awareness Videos
UD's PNPI web site
UD's Software Tools for Protecting PNPI
UD's Computer Security News and Alerts
October is National Cybersecurity Awareness Month
Computer Security at UD
UD's IT-Help Center
National Cyber Security Alliance
Federal Trade Commission's National Resource About ID Theft [www.consumer.gov/idtheft]