Security is often thought of by many as a hurdle or roadblock to getting things done. As security professionals, it is the IT Enterprise Security team’s responsibility to help ensure that security is an enabler and not a disabler when it comes to meeting the academic and administrative needs of the university community. By doing so, not only will the benefits be realized but we can also align the entire organization to meet the many compliance initiatives that are put upon us by the very nature of the work we do.
While we are very fortunate to have multiple tiers of protection in the areas of security and compliance, they are only valuable when applied and used appropriately. We can pretty much ensure all the data is safe and secure in our enterprise data center, nestled behind multiple firewalls and physical controls. The reality of the situation is that the data we use day-in and day-out is not in such a secure environment. It is in your email, your pocket, your phone and a multitude of devices you use every day. We must rely on you, the end user of this data, to know what you have and how to secure and protect it.
Our business requires that we work with FERPA, HIPAA, and many other types of strongly regulated data just to do our jobs. So you, as a user of this type of data, must use the tools provided to ensure the continued protection and compliance under your care. You may have seen the recent article placed here “Encryption: The Key to Data Security”. Losing your mobile device and data can be a horrific occurrence. But the very use of encryption can ensure that no one else can get to the data you have lost.
We all know the consequences of not being secure and of being non-compliant. By not meeting compliance standards we may face harsh fines, lost work product, and an inability to meet the needs of our academic and business mission. There are also other outcomes much more serious and irreplaceable, our reputation as a University. A major security breach can damage our image and reputation for years to come. As individual users we need to recognize this along with the personal benefits of being secure and ensuring compliance.
As an academic institution, we have many freedoms. Many corporations block websites and disallow any social networking activities. The university does not. We realize the relevance and benefits of these technologies to help us meet many of our objectives. Rather, we rely on the end users to use what is available in a conscientious manner.
Since we don’t know what your security and compliance needs are – we can only help if you ask for our assistance. You are the reason we are here. You may contact the IT Enterprise Security team any time by emailing us at firstname.lastname@example.org or by calling us at 502-852-5037.