Friday, September 19, 2014

Responsible use of MSMC information resources


Mount Saint Mary College provides access to information resources to students, faculty, staff, and certain other users to support the mission of learning and to conduct business. Every authorized user of information and learning technology resources at Mount Saint Mary is responsible for utilizing these resources in an efficient, ethical, and legal manner and in ways consistent with college policies and code of conduct. Additional policies may apply to specific computers, computer systems, or networks provided or operated by specific departments of the college or to uses within specific departments.

Given the inherent openness of computers and networks which facilitate the ability to communicate to a worldwide audience, users must understand that such access is a privilege requiring users to act responsibly. All users must respect the rights of others, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations. All equipment purchased by the College, gifted to the college or acquired through grants is the property of the College and not the property of the individual to whom it may be issued. Therefore, the College has the right to control the equipment and can choose not to provide access to the equipment or the resources (files, data, services) related to the equipment. Any work, files or data attached to the asset is to be considered as part of the asset and property of the College.

The above excerpt was taken from MSMC's Office of Information Technology Policies and Procedures document.  (Version 3.0, March 2013)

Who is really asking you for information? Social Engineering
A social engineer is a person that will deceive or con others into divulging information that they wouldn’t normally share. It is one of the most commonly used methods of hacking. By building trust with their victims through deception and lies, a social engineer will try to get information that can be used later, usually for wrongdoing. If someone phones or appears and asks you for information that you know is confidential company, client or personal information, don’t be afraid to ask them a few questions yourself.

To protect data by phone
  • Ask for the correct spelling of the caller's name.
  • Ask for a number where you can return the call.
  • Ask why the information is needed.
  • Ask who has authorized the request and let the caller know that you will verify the authorization.

To protect data in person
  • Ask for some identification.
  • Ask who has authorized this request so you may verify the authorization.
  • If you are not authorized to provide that information, offer to locate the correct person.
  • Seek assistance if you are unsure.
The above excerpt was taken from MSMC's Office of Information Technology Policies and Procedures document.  (Version 3.0, March 2013)