Given increased internet security threats and regulatory and compliance obligations, it’s important that each one of us understands our role in safeguarding information at MIT. To guide you in doing that, the Institute has launched an improved Information Protection website. Visit the website to take a quick quiz to find out the risk level for the information you handle at MIT, and see what you need to do to properly safeguard that information.
In addition to exploring the new website, Information Systems & Technology (IS&T) recommends that you take the following basic actions to protect the information you handle and to keep MIT safer:
- Enable automatic updates for your operating systems and software to protect against the latest security threats.
- Install Sophos Anti-Virus and CrowdStrike Falcon. Sophos protects your computer against known viruses, worms, and malware. CrowdStrike provides advanced protection against emerging threats, using machine learning to detect patterns commonly seen in attacks.
- Use a password manager such as LastPass to generate and protect strong, unique passwords.
- Back up your computers using CrashPlan. This cloud-based backup solution makes it easy to recover information from computers that have been lost, stolen, or damaged by malware.
- If you handle personally identifiable information, install Spirion (formerly Identity Finder) to help you detect and securely delete or encrypt files containing sensitive information.
- Follow these best practices while engaging in remote working, teaching, and learning to help reduce the chance of the information and data you handle at MIT being compromised.
MIT may have time-sensitive legal and regulatory obligations if certain Institute information is compromised. Examples include the loss of a laptop or paper files; malware; or notification from a vendor of a security incident affecting MIT information. Please assist MIT in fulfilling its obligations by reporting an incident as soon as you become aware of it.
Phishing and other scams
Phishing emails and email scams continue to be an effective way for scammers to steal money (through gift cards or wire transfers) and credentials, install malware, or extort cryptocurrency. Many of these emails are targeted to a specific department or lab, and may appear to come from someone you know or do business with.
Jessica Murray, who directs IS&T’s security programs, is available to answer specific questions or to recommend training.
* * *
This new resource represents a collaborative effort led by MIT’s Data Classification Working Group, with representatives from the Audit Division, IS&T, the Office of the General Counsel, and Risk Management and Compliance Services. Community members from both academic and administrative areas provided input through an extensive pilot effort. I extend my sincere appreciation to everyone who contributed to this effort to make MIT – and its community members – safer.