Security is a shared responsibility. We all have a part to play.
All Berkeley data is assigned a “Protection Level” - even emails and Google docs! That’s because the information kept within has value. The Information Security Office treats systems hosting sensitive data differently by protecting them through special firewalls, scanning, log review, amongst others.
However, it’s up to you to protect this data properly on your devices.
- Are you doing research involving human subjects?
- Do you have a spreadsheet with student IDs on your computer?
- Are you emailing students regarding advising information?
- Do you have donor or alumni information on your computer?
- Do you work with other people's personal information
Here is what you can do:
- Start thinking about if you have Protected Data and specifically, where you store P3 and P4 data:
On computers? On file servers? In Box or Dropbox or other cloud services? On backup drives? On USB drives?
- If you have P3 or P4 data on laptops, thumb drives or USB backup drives or other devices that can be easily lost or stolen, consider moving that data to a more secure location. If you can't move the data, make sure your devices are encrypted.
- If you have P3 or P4 data in any cloud services like Dropbox, make sure that you have multi-factor authentication (like Duo!) enabled for those services.
- If you have P3 or P4 data that you no longer need to keep (e.g., old communications with students about courses or advising), consider purging those messages or archiving them to a secure location if they need to be preserved.