Today's Message
Posted: Wednesday, July 19, 2017Information Security Awareness: Using Office 365
Thank you to those who provided feedback on SANS training. Many people asked about using Office 365 for sensitive information. While our governance committees are working to provide documented guidance to the campus, we publish this information at this time.
Faculty and staff members should never remote in to a campus computer from a public network, such as a hotel, library, or coffee shop. Likewise, you should never place files containing FERPA, HIPAA, or contractually protected information in Office 365. Nor should you carry them on portable media (e.g., phone, USB, or external drive). That said, documents that do not contain FERPA, HIPAA, or contractually protected information can go into Office 365 for use off campus. Examples of this kind of work include committee work, syllabi, writing or reports (that do not have FERPA, HIPAA, or contractually protected information), and de-identified data.
Finally, in the words of Mark Kent, client systems engineering manager, “If the browser prompts you to keep your password when you log into O365, choose No!”
See the security awareness training FAQ page on the RITE Information Security website for more information.
