Protecting sensitive data is the end goal of almost all IT security measures. These measures help to prevent identity theft and safeguard privacy.

  1. Data security is fundamental. All new and existing business and data processes should include a data security review. This ensures MIT data is safe from loss and secured against unauthorized access.
  2. Plan ahead. Develop a plan to review your data security status and policies. Create routine processes to access, handle, and store the data safely. Archive unneeded data.
  3. Know your data. Know what data you have and what levels of protection are required to keep the data both confidential and safe from loss.
  4. Scale down. Keep only the data you need for routine current business. Safely archive or destroy older data and remove it from all computers and other devices.
  5. Lock it up and back it up! Physical security is the key to safe and confidential computing. All the passwords in the world won't get your laptop back if it's stolen. Back up data to a safe place so it can be recovered if equipment fails or is lost or stolen.

Sensitivity of data

Data at MIT is assigned a level of sensitivity based on who should have access to it and how much harm would be done if it were disclosed. It's important to make sure that you're handling sensitive data properly at the Institute. Spirion is a tool that finds instances of sensitive data. Learn what steps to take if sensitive data is detected on your machine, including how to remove it.

What are the risks to data?

Understanding how data can be disclosed and what to do to protect it is the key to minimizing data breaches.

Compliance and policy

If you are handling sensitive data, know the MIT policies that apply.

Minimizing risks to data

Massachusetts has issued regulations for anyone who handles the personal information (e.g., Social Security, credit card, and bank account numbers) of MA residents. To comply with these regulations, MIT implements a Written Information Security Program (WISP) that includes specific requirements for those who handle the personal information of others.

Data breaches

Know the steps to take in the event of a security incident involving MIT business data. If in doubt, report the incident to MIT's IT Security Team.