Security for access to the data network and to files or applications on a server is implemented via user ID and password systems. Each user is responsible for all e-mail transactions made under the authorization of his or her ID and password, and for all network e-mail activity originating from that connection. Users are personally responsible for the security of the ID and password assigned to them. Viewing, copying, altering or destroying any file, or connecting to a computer on the network without explicit permission of the owner is prohibited. Users may not use the Hamilton data network or telephone system to attempt to circumvent protection schemes or exercise security loopholes in any computer, network, or telephone system component.
Passwords should be known only to the person responsible for the account and user ID. Ways to ensure this include avoiding storing passwords or any other information that could be used to gain access to other computing resources on your workstation, never sharing passwords, and never taping passwords to a wall, under a keyboard, or in other easily discoverable areas. Access to user IDs may not be loaned or sold and any suspected breach of password security should be immediately reported to the ITS e-mail administrator. Passwords should be changed (at least) every six months.
It is the college policy to require authentication from individuals requesting password changes. Students who forget their passwords can request a new password on the ITS website. In order to request a new password the student must know his/her college ID number. Passwords will only be provided in a sealed envelope in U. S. or campus mail, or in person. A person picking up passwords at the ITS offices must show his/her valid Hamilton College ID card. Employees who forget their password can request one through the Helpdesk. Passwords will not generally be given out over the telephone (exceptions can be made for individuals who are on leave from the college, but special steps will be taken to authenticate that the requestor is the correct person). The policy of ITS is not to request a password unless an individual specifically calls to request help from someone in ITS. A user receiving a call from someone asking for a password should regard the call as a scam.
Backups and protection of files stored on desktop equipment are the responsibility of the user of that equipment. Users must back up their work files on a regular basis. ITS provides storage space on central servers for this purpose. Department members are responsible for ensuring that critical files are backed up in their areas.
Individual users are responsible for safeguarding the equipment entrusted to them by the college. This includes reasonable protection of equipment from damage and theft. Individual users are also responsible for safeguarding any equipment they own personally and bring to campus.
Hamilton takes reasonable steps to protect users from unauthorized entry into their accounts or files, whether by other users or by system administrators, except in instances where a system-related problem requires such entry. A limited number of authorized Hamilton personnel must occasionally monitor information on the network and/or computer systems to maintain the integrity of the systems. This access is required for reasons that include, but are not limited to, trouble-shooting hardware and software problems; preventing unauthorized access and system misuse; providing for the overall efficiency and integrity of the systems; protecting the rights and property of the College; ensuring compliance with software and copyright, distribution, assuring that computer systems meet college requirements for virus protection and operating system updates before connecting to the campus network, and other College policies concerning the use of the computer network; and complying with legal and regulatory requests for information.
System monitoring is a mechanism for keeping track of computer system activities, rather than a method for accessing private information. ITS personnel also take reasonable steps to prevent the dissemination of information concerning individual user activities. It is the policy of ITS to disclose neither the contents of electronic mail and data files stored in or transmitted via the College Central Computer Systems nor the activities of individuals on the campus network to other individuals within or outside the College community except when required to do so by law, other legal mandate, during legal investigations (in accordance with College policies) or by permission of the owner. In addition, the College assumes ownership of the employee’s account(s) from the time access is terminated until the account(s) is/are deleted. If it is necessary to ensure business continuity, designated personnel may be granted access to the account(s) during this period.
Private communication via computer is treated with the same degree of protection as private communication in other media. However, due to limits of current technologies, which are inadequate to protect against unauthorized access, the confidentiality of e-mail and other system files can not be assured. All users should be aware of this and use reasonable caution when transmitting confidential materials.
Access to computer operations areas is restricted to those responsible for operation and maintenance. Computing facilities on campus are secured when not open for business. ITS takes action to provide reasonable protection against environmental threats such as flooding, lightning, extreme temperatures, and loss or fluctuation of electrical power for central server and network facilities. ITS maintains procedures for protecting critical data that reside on central servers. While Hamilton provides security for files stored on central computing facilities, Hamilton cannot be responsible for protection against floods, fires, and catastrophic events of this type. Backup files from central servers are kept for only a few days. ITS does not guarantee the availability of backups for the restoration of files deleted through user error.