Infosec Guidebook

          


OSU's network contains data that could cause harm to individuals within our community should it fall into the wrong hands. The Office of Information Security is tasked with identifying threats to that data, such as hackers and the malicious software they use, but it is up to those who work with this data at Oregon State University to help us maintain our commitment to the safety and privacy of our data.



Working With OSU Data

While working with OSU data, you must protect the data you access. Following policies, procedures, standards and guidelines is the best way to ensure data remains safe. Get trained on the appropriate use and protection of university data and report unauthorized access or misuse. Additionally, it is important to understand how to classify the information you handle, so you know how best to secure it.

How Secure Should Data Be?

We have three data classifications based on the level of security the information needs. Understanding the relative sensitivity of that information helps you understand which of the categories the data fits in. More in-depth information is available in the Data Classification Knowledgebase Article (OSU Login Required).

  • Unrestricted Data: This data is intended for general use, and can be found on websites, news releases, and in various publications.
  • Sensitive Data: Some data, while not as restrictive as confidential data, are still private by their very nature or by regulation and must not be openly disclosed.
  • Confidential Data: Confidential information is the most restrictive classification.

Baseline Standards of Care

You are responsible for making sure the system you store information on meets OSU minimum standards. There are different standards for different classifications of data and types of environments. See the Baseline Standards of Care Article (OSU Login Required) for more information.

Reporting

If you suspect that someone has stolen confidential or sensitive information or hacked into your computer, or that your computer has a virus, immediately notify the Office of Information Security.

Submit a Help Request to File a Report

What do I do if my data is compromised?

Follow these steps immediately if you suspect your data has been compromised (for example, the data was out of your control or someone accessed it who wasn't supposed to).

  1. Figure out its data classification. What type of information is it? Which of the categories does it fit into?
  2. Report it to your IT support group (departmental computer administrator - DCA). Give the DCA as much information as you can, including how you think the data would be classified.
  3. Follow the directions they give you, even when that means you'll lose changes to files.
  4. Report it to your supervisor and to the Office of Information Security.
  5. The CISO will decide what needs to happen next. The Office of Information Security will lead the investigation of the possible breach and will let the appropriate data custodians know what's happened.

The less activity that occurs on your computer after you realize information may have been compromised, the more likely it is that the security team will be able to tell whether or not it actually was compromised and what data was accessed.

Security Assessment

Before using confidential data with a cloud-based (third-party) service, contact the Office of Information Security for a security assessment.

Submit a help request for a Security Assessment

Working Securely from Home

When working remotely, you no longer have all the protections that are in place at the office to keep your data safe from the bad guys. The following ten easy steps can help mitigate this change to your security posture:

  1. Use OSU’s cloud and VPN services (for systems that require it) when working remotely.
  2. Keep your operating system current.
  3. Be sure to use antivirus software and keep it up to date.
  4. Turn on your host-based firewall.
  5. Disable auto login.
  6. Turn off file and print sharing.
  7. Disable remote access and turn off any public folders.
  8. Enable disk encryption, and write down that key. You may need it later if there's a problem.
  9. Update your applications and remove those that can’t be updated. Use auto-update settings if available.
  10. Report any suspected data security incident, no matter how small. This includes phishing emails.

Access the Full Secure Remote Guide (OSU Login Required)