How to Secure Your Information

First Steps

Your first step in ensuring your own computer security on the Stanford University Network should be proper setup and prevention. Stanford IT Services just published a new handy, easy-to-read chart of Minimum Security Standards; check it out to make sure your computer, server, and mobile devices have the right levels of security.

Here's a cheatsheet on how to set up:

• Your laptop and/or desktop:
  • Visit http://ess.stanford.edu to install essential anti-virus and anti-spyware software.
  • Encrypt your computer and any external devices (external hard drives, USB drives, etc). All computers with access to the Stanford network must be encrypted by My 31, 2015.
    
  • Visit the Data Security Program website for full instructions on how to properly secure your computer according to University guidelines.
    
• Your phone or mobile device: Visit our page on Mobile Computing for tutorials on securing your phone. And if you'd like to use your device for Stanford work or to access Stanford information (including email and calendar), check out our page on Mobile Device Management (MDM) to see if your device is approved.
• Your server: If you're running your own server, make sure you see our page about servers to make sure it's properly secured.
•  

Next Steps: Sending and Sharing Information Securely

Once your computer and your devices are properly secured, take care of the information inside those devices—and the information on the entire Stanford network—by using secure methods to send, share, and store.

Use Stanford Secure Email to send emails discussing High, Moderate, and Low-Risk Information

Use MedSecureSend (MSS) to securely send files up to 100GB, to colleagues at Stanford and elsewhere

Use the Stanford VPN when connecting to the network from off-campus.

Use cloud computing services responsibly; make sure you know which services are approved for what levels of sensitive information.

Use encrypted external hard drives and USB drives to carry and store your Stanford information. (IRT Security is working to provide them free of charge.)

Stanford Information and Research

As we are at a School of Medicine, we have two kinds of information which must have extra layers of security: student/university information, and health/patient information. Be aware of how to deal with these special categories of information.

Know your Risk Classification: Learn what kinds of information belong in which categories: High, Moderate, and Low Risk (previously Prohibited, Restricted, and Confidential information).

Properly handle Stanford Information: As a member of the university, you are personally liable for data breaches. See what's at stake, and how you can reduce your risks.

Research and Security help: If you are applying for a grant, are trying to budget for computer security, or are looking for other help with research and data management, we've got resources for you.

HIPAA: Visit our page to learn about HIPAA rules and regulations, and find out how to properly anonymize data for publication.

Forming Good Everyday Computing Habits

Be proactive in protecting your information; starting good habits now can mean averting disaster later. Here are some easy (and necessary!) computer safety habits you can teach yourself today, without waiting for an emergency.

Back up your computer EVERY DAY. (CrashPlan is free for everyone at the School of Medicine—and it backs you up automatically.)

Use a passcode lock on your phone or mobile device—whether or not you access Stanford information with it.

Maintain good security practices at home and in the office. Make every day Information Security Day, by learning to be your own hero.