Table of Contents - article sections:
Section links within this article:
Safe Computing Practices and Tips
Every individual has a role and responsibility to protect our systems and data. Reduce the risk by using safe computing practices, being vigilant, and taking an ongoing active role to be aware and informed.
Beware of scams
- Phishing scams are a constant threat - using various social engineering ploys, cyber criminals will attempt to trick you into divulging personal information such as your login ID, passwords, verification codes, banking, credit card and financial information.
- Scams can be carried out by phone, text, through social networking sites, and other platforms or modes of communication - but most commonly by email.
- Be suspicious of any official-looking email, text, caller ID, or other means of contact asking for personal or financial information.
- Scammers may provide an employee ID, badge number, use official-looking letters with seals or agency names that sound real, or use the name of a real government employee to convince you to share information or take action.
- Don't trust unexpected email, or texts
- Don't click text or email links, attachments, downloads - this includes if it's from a trusted personal contact, institution, or business. Independently verify whether the link, attachment, download or request you received is legitimate. Contact the personal contact, business, or agency in a separate communication using known personal contact information or from official posted means of contact.
- Don’t trust your caller ID. Your caller ID might show an actual government agency or company’s name or phone number. But caller ID can be faked.
- Never pay anyone who insists you pay with a payment app, cryptocurrency, a wire transfer service like Western Union or MoneyGram, or a gift card.
- Never move your money to "protect it" - it's a scam.
- Don't be tempted by "urgent" action you must take, "helpfulness" to solve an "issue" you've just been made aware of, or tempted by fake discounts, bogus giveaways or prizes.
Protect passwords
- Never share your password with anyone and avoid writing them down. If you need to write them down, keep in a secure location.
- Password protect all your devices and your information.
- Don't use the same password for multiple accounts or devices.
- General password tips to keep in mind:
- At least 8 characters in length
- Difficult to guess (e.g. don't include personal information such as your username, names of family members, places, birthdays, addresses, etc.)
- Contain a mixture of upper and lowercase letters, numbers and symbols
- To help make it easy for you to remember- think of a passphrase instead of a password.
- Along with protecting passwords, it is just as important to protect your verification codes
Protect verification codes
- Anyone asking you for your account verification code is a scammer.
- Verification codes and passwords work together, like a doorknob lock and a deadbolt lock. If you unlock the doorknob but not the deadbolt, you can’t get in. Scammers need both keys, pretend to be someone you can trust, say someone is using your identity or there is a problem with your account, and may provide a few details they may know about you, in the aim to convince you to provide your verification code.
Protect your computer
- Make sure you have virus protection and it is up to date.
- Shut down or restart your computer at least weekly.
- Shut down or restart whenever your programs tell you to in order to install updates.
- If you get an antivirus alert that there is malware or a virus on your computer, please contact 651-793-1240 for assistance.
- Turn on Automatic Updates for your operating system.
- Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
- Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.
- Never give remote access to your computer to anyone who contacts you unexpectedly
Protect sensitive data
- Keep it off your workstation, laptop or other devices if at all possible.
- Securely remove sensitive data files from your system when they are no longer needed.
- Always use encryption when storing or transmitting sensitive data.
- See data storage sharing guidance and recommendations
Using Internet and email
- Be careful what you do over wireless, especially if you're on public access wifi.
- Information and passwords sent via standard unencrypted wireless can be easy for hackers to intercept. Most public access wireless is unencrypted.
- Use only secure web pages when entering personal information online.
- Look for https (not http) in the URL to indicate there is a secure connection.
- Avoid unknown websites and software downloads. These often contain malware that will automatically compromise your computer.
- Never click attachments or links in email that is unexpected or suspicious for any reason; this includes email or other means of electronic communication from a trusted personal contact, institution, or business. Independently verify whether the link, attachment, download or request you received is legitimate. Contact the personal contact, business, or agency in a separate communication using known personal contact information or from officially posted means of contact.
Mobile device security
- Lock your device with a PIN or password - and never leave it unprotected in public.
- Only install app's from trusted sources.
- Keep your device's operating system updated.
- Don't click on links or attachments from unsolicited emails or texts.
- Avoid transmitting or storing personal information on the device.
- Most handheld devices are capable of employing data encryption - consult your device's documentation for available options.
- Use Apple's Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
Back up your data
- Back up your data on a regular basis
- Make backup copies of files or data that is important to you.
Workstation security
- Shut down, lock, log off or put your computer/devices to sleep before leaving them unattended
- Set your computer and portable devices to automatically lock when they're not being used.
- Don't install or download unknown or unsolicited programs or apps to your computer or other devices. These can contain behind the scenes viruses or open a back door giving others access to your device without your knowledge.
- Secure your area before walking away
- Lock up any portable equipment and sensitive material, including papers, before you leave an area.
- Never share any of your access codes, cards or keys.
- Ensure others cannot view your computer screen when sensitive information is displayed
Minnesota State Employee Training Resources (ELM)
For additional guidance, practices, and training, please review Minnesota State annual required employee training program. In addition to FERPA and Private Data training, the employee training program includes Security Awareness Training, covering the following topics:
- Password Security
- Physical Security
- Mobile Security
- Phishing
- Malware
- Ransomware
- Public Wi-Fi
Minnesota State End User Data Storage Sharing Guidance and Recommendations
Minnesota State End User Data Storage Sharing Guidance and Recommendations, including cautions and storage not recommended for use based on data type:
Sensitive Data Types and Examples:
- Highly Restricted Data Examples:
- Social Security Numbers
- Credit Card Information
- Bank Accounts
- Health Records
- Passport/Visa Information
- Restricted Data Examples:
- Student Grades, Financial Aid, Class Schedules, etc.
- Individual Demographics: Race, Age, Ethnicity, etc.
- Drivers License Number
- Faculty/Staff Personal Information
Data Security Classification System Procedure 5.23.
Remember, data categorization types correspond to:
- level of protection requirements
- impact to individuals, Metro State, Minnesota State, and the State if that data is improperly disclosed or modified
- protection by every individual who stores, processes, or transmits data
- the value of data to attackers!
Minnesota State Secure File Share MOVEit
Minnesota State Secure File Share MOVEit application licensed through Minnesota State allows you to transfer confidential and large files, including those too large for email, securely to another Minnesota State contact via a secure server. Files can be saved for up to 14 days; senders indicate how many days, up to 14 days, that the recipient has to download the file(s) from their SecureFileShare "in box."