Mobile device security
Physical Security for Mobile Devices
Scammers and criminals aren't only a threat online. They can use your device to access information, and may sabotage or even steal the device itself. Keep an eye on your computers, phones, tablets, and other devices.
- Don't leave any mobile devices unattended, especially in a shared space.
- Password protect mobile devices.
- Lock your screen when you step away from your desktop.
- Avoid accessing banking or other sensitive information on shared devices.
- Don't install software on campus computers without authorization.
- If you find a USB drive, leave it with lost and found. Do not plug it into your computer!
- Be aware of suspicious behavior, such as unauthorized attempts to access non-public areas, or unauthorized attempts to use, remove, or alter equipment.
- Immediately report suspicious behavior to Police & Safety Services at (707) 664-4444.
- Verify the identity of any third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices. Do not install, replace, or return devices without verification. Some forms of verification may include contact with the vendor or contractor, contact with IT, or information from a coworker who coordinated the maintenance.
Network and Wireless Security
Why is wireless Internet security important?
Good wireless security practices can reduce the risks of having your computer, online accounts, or personal information compromised.
When is it generally safe to enter logins, passwords, payments, or other personal information into a website?
When all of the following are true:
- You are accessing the website using an address (URL) that begins with HTTPS:
- Your browser has not issued a warning about the website certificate.
- The website belongs to an organization with whom you are comfortable sharing the information.
Which network should you connect to?
SSU-SECURE is the recommended, encrypted wireless network at SSU.
What precautions should I take when working from an open Wi-Fi network, such as at a restaurant or coffee shop?
- Avoid highly sensitive activities such as accessing level 1 data at SSU, or
- connect to the SSU network using the campus VPN (Virtual Private Network). (Contact the IT Help Desk for assistance in configuring and using the campus VPN.)
Software Security
Malicious software, or "malware," can observe your behavior, steal information or passwords, cause additional advertisements to appear when browsing the web, or even use your computer, without your knowledge, to perpetrate further criminal activity.
To protect yourself from malicious software:
- Regularly apply software updates on all computing devices to operating systems and key software, including Mac, Windows, tablets, phones, and web browsers.
- Outdated software may have security holes that criminals can use to access your files and information.
- Due to known vulnerabilities, avoid using Java and Flash whenever possible.
- Use anti-virus software. (Sonoma State offers this at no charge.)
- Report any symptoms of malware to the IT Help Desk (slowness, pop-ups, new and unexpected icons/toolbars, etc.).
- Faculty and staff only: Contact the IT Help Desk for help with software installs and updates on university devices.
Level 1 Data
What is Level 1 data?
CSU protected Level 1 data could be used to cause a high level of harm to the University or an individual. We have a high level of responsibility to protect this data.
Level 1 data must never be stored or accessed using personally owned devices, including mobile devices, and may only be stored or accessed using devices owned by Sonoma State University and managed by the SSU IT department.
CSU protected Level 1 data includes but is not limited to:
- Social Security number with name.
- Birth date combined with last four digits of SSN and name.
- Credit card numbers.
- License number or other government issued identification number.
- Health information, including records and insurance.
- Bank account or debit card information with any required security credentials.
For a complete definition of Level 1 data, view the CSU Data Classification Standard.
Handling Level 1 data
Do NOT:
- Gather or keep Level 1 data without a pressing business need.
- Disclose Level 1 data to unauthorized recipients in any manner, including but not limited to, verbally, in written form, or in electronic form.
- Save unencrypted level 1 data to your local drive, such as the desktop or the Downloads/Documents folders.
- Store level 1 data on personal computing devices.
- Send or forward level 1 data via email.
Do:
- Ask yourself if you really need to store the information. If you must, follow the appropriate CSU and SSU standards.
- Use discretion in deciding when and how publicly to discuss sensitive information.
- Dispose of Level 1 data properly by cross shredding paper copies or returning them to their owners, and having IT securely erase electronic media.
- Ensure that all paper and electronic media containing Level 1 data is secured or directly supervised at all times.
Level 2 Data
What is Level 2 data?
CSU protected Level 2 data is data which must be protected due to proprietary, ethical, contractual or privacy considerations, or which may not be specifically protected by statute, regulations, or other legal obligations or mandates but for which unauthorized use, access, disclosure, acquisition, modification, loss, or deletion of could cause financial loss, damage to the CSU's reputation, violate an individual's privacy rights, or make legal action necessary.
All devices, including personal devices, used to store or access Level 2 Protected Data must comply with the SSU Configuration Management Standard.
CSU protected Level 2 data includes but is not limited to:
- Birth date (full: mm-dd-yy or partial: mm-dd only)
- Photo (taken for identification purposes)
- Grades/Courses taken/Schedule/Test Scores/Advising records/Educational services received
- Employee net salary
- Home address
- Personal telephone numbers
- Personal email address
- Payment History
- Employee evaluations
- Pre-employment background investigations
- Mother's maiden name
- Race and ethnicity
- Parents' and other family members' names
- Birthplace (City, State, Country)
- Gender
- Marital Status
- Physical description
For a complete definition of Level 2 data, view the CSU Data Classification Standard.
Handling Level 2 data
Do NOT:
- Gather or keep Level 2 data without a pressing business need.
- Disclose Level 2 data to unauthorized recipients in any manner, including but not limited to, verbally, in written form, or in electronic form.
Do:
- Ask yourself if you really need to store the information. If you must, follow the appropriate CSU and SSU standards.
- Use discretion in deciding when and how publicly to discuss sensitive information.
- Dispose of Level 2 data properly by cross shredding paper copies or returning them to their owners, and having IT securely erase electronic media.
- Ensure that all paper and electronic media containing Level 2 data is secured or directly supervised at all times.