Protecting Sensitive Information
Dave Smallen, VP for IT and Director of the Library
While we tend to think of data breaches occurring in banks and other financial institutions they are also common in higher education: http://www.databreachwatch.org/wp-content/uploads/2013/04/8-Years-Data-Breaches-In-Education-800.png. A data breach is the release of sensitive information to unauthorized individuals.
Over the summer several members of the Hamilton community “gave away” their passwords in phishing schemes or by using easily guessed passwords. Those compromised accounts were used to send out additional spam, and could have been used to access sensitive information about other individuals at Hamilton.
Hamilton has a legal and moral obligation to protect the sensitive information it collects about employees and students.
Everyone at Hamilton has a role to play in that protection.
Hamilton College Information Security Board of Review (ISBR)
Last year, President Stewart appointed The Information Security Board of Review (ISBR) to oversee Hamilton’s information security efforts (see names below). The committee’s role is to review options and recommend changes to senior staff. Among the areas currently being considered are:
- an ongoing campus-wide awareness program;
- encryption of information on laptop computers, and other mobile devices, to make it harder for information to be compromised if the devices are stolen;
- new approaches to assigning and changing passwords; and
- guidelines for handling sensitive information.
In August, a security consulting firm met with representatives from major college offices to help us better understand how we currently store and use sensitive information. The consultants will recommend ways in which we can reduce the risk of that information being accessed by unauthorized individuals.
While we cannot completely eliminate the risk of sensitive information being compromised, we can do much to reduce that risk if each of us takes appropriate steps.
Members of ISBR:
Dave Roback, Director, Network and Telecommunication Services, ITS
Marty Sweeney, Director, Central Information Services, ITS
Mark Bailey, Professor of Computer Science
Kristin Friedel, Registrar
Gordon Hewitt, Assistant Dean of Faculty for Institutional Research and Assessment
Steve Stemkoski, Director, Human Resources
Shari Whiting, Controller and Director of Budgets
Jon Hysell, Major Gift Officer
Cameron Feist, Director of Financial Aid
Jeff Landry, Associate Dean of Students for Health and Safety
Dave Smallen, VP for Information Technology and Director of the Library