Worcester State University
Information Security Awareness


College Data

Higher education and Data security


In General, our institutional systems are designed on the principles of free information exchange to accommodate diverse user populations. The concept of free exchange of information, ideas and research do however create unique security challenges. Compliance with various regulations including FERPA, HIPAA, PCI DSS as well as other state and federal privacy regulations often puts the burden of protection on all our shoulders.  The following are beginning steps, we as a community can take, to share the security responsibility.


Institutional culture

· What is at risk?

o personally identifiable information (PII)

o credit card

o bank account numbers

o health records

o financial records of students and possibly their parents

o registrar's office

o financial aid

o research databases

· What steps can you take to better secure your information?

 o Use strong passwords and change your passwords often.

§ Remember strong password is one that is not obvious or easy to guess. A strong password should be 8 - 12 characters long and include a combination of upper and lowercase letters, numbers, and symbols such as punctuation marks and special characters.

§ Do not share your password or username with others.

§ Do not email your password to others.

§ Always change the default password when you receive a new account that requires a password and assigns a default.

§ Make it a practice to change your password every 90 days, especially when using public computers. This practice will better prevent people from knowing and utilizing your password.

§ When setting up multiple accounts, try to use unique passwords for each account.

§ Try not to write your passwords down; choose passwords that are easy to remember. If you must write them down, keep it is a secure place. This included the electronic saving of passwords.

§ Do not log others into a computer with your password.

o Use the standard campus-wide anti-virus program and be aware of steps to take to minimize computer virus risks

§ New viruses appear constantly and daily virus definition updating decreases the risk of computers becoming infected. While IT provides anti-virus software and maintains the update schedule you should never attempt to turn it off. If you believe it is necessary, contact the IT Helpdesk for assistance.

§ All computers joining the WSC domain are mandated to be virus protected.

o Email and attachments - Remember, If you receive an unexpected email attachment, even if you know the sender, do not open the attachment unless you can answer "YES" to all three of the following conditions:

§ I know exactly what this file is.

§ I have scanned this file with my virus scan AND I have ensured that my virus scan was recently updated.

§ I have verified the identity of the sender and their intentions via email or phone call.

§ This includes Chat rooms and associated links.

o Do not save sensitive date to unsecured devices.

§ Laptops, memory sticks, memory cards should be encrypted whenever sensitive data is involved.

§ You can also encrypt data when sent via an email.

Points of Interest:
  UTS Policy Site
  Check PW Strength
  UTS Guides
  Social Network Cons
  ISA Presentation
  Spot a Craig's List scam
  State Ethics Compliance
  Spot a Phishing/Spam Scam
  Modern Malware for Dummies
  Visit Educause Data Privacy
  Visit Educause Cybersecurity Initiative
  National Cyber Security Awareness
  Examples of "good" security questions

DataBridge © WSU, 486 Chandler Street, Worcester, MA 01602
Phone: 508-929-8000