Search Google Appliance

Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy.

  1. Data security is fundamental. All new and existing business and data processes should include a data security review. This ensures MIT data is safe from loss and secured against unauthorized access.
  2. Plan ahead. Develop a plan to review your data security status and policies. Create routine processes to access, handle, and store the data safely. Archive unneeded data.
  3. Know your data. Know what data you have and what levels of protection are required to keep the data both confidential and safe from loss.
  4. Scale down. Keep only the data you need for routine current business. Safely archive or destroy older data and remove it from all computers and other devices.
  5. Lock up! Physical security is the key to safe and confidential computing. All the passwords in the world won't get your laptop back if it's stolen. Back up data to a safe place in the event of loss.

Sensitivity of data

Data at MIT is assigned a level of sensitivity based on who should have access to it and how much harm would be done if it were disclosed. This assignment of sensitivity is called data classification.

What are the risks to data?

Understanding how data can be disclosed and what to do to protect it is the key to minimizing data breaches.

Compliance and policy

If you are handling sensitive data, know the MIT policies that apply.

Minimizing risks to data

Massachusetts has issued regulations for anyone that handles the personal information (e.g.,social security, credit card, and bank account numbers) of MA residents. To comply with these regulations, MIT implements a Written Information Security Program (WISP) that includes specific requirements for those who handle the personal information of others.

Spirion is a tool that finds instances of sensitive data.

Data breaches

Know the steps to take in the event of a security incident involving MIT business data. If in doubt, report the incident first by contacting MIT's IT Security Team.