January 28th marks Data Privacy Day with a focus on safeguarding data. In furtherance of the data privacy day mission, please be reminded of the following data protection guidelines and best practices:
Data Classification
The data you work with with is classified according to the NYU Data Classification Table as follows:
- Restricted
- Protected
- Confidential
- Public
The applicable data class determines how the data you work with can be stored and transmitted. For examples of the types of data in each class, please see the Data Classification Table.
- Restricted data may be stored and shared via NYU Box. Please keep in mind that restricted data should not be stored or transmitted on mobile devices.
- Data that falls into the protected and confidential categories may be stored and shared via NYU Google Apps, and there are no restrictions governing the storage and sharing of public data.
Passwords
Use unique passwords for each account/site so that the compromise of one account won’t occasion the compromise of other accounts. Hackers will attempt to use compromised credentials in a variety of sites.
- Use of a password manager is the best way to manage and store your many passwords. For more information on password managers and password best practices, please see the following Connect article, Under Lock and Passphrase.
Social Media
Remember the maxim “once posted, always posted”. Therefore, be selective about what you share online, and safeguard others as well as yourself. Be sure to check/customize the privacy settings of your social media accounts to prevent unintended sharing.
- For information on managing your privacy settings for Facebook, Twitter, LinkedIn, Instagram and Pinterest, click here.
- Never share information on social media that you’ve used to answer a security challenge question, such as, “What street did you grow up on?”. Scammers review social media posts and use the information gleaned in targeted attacks.
WiFi Networks
Always use trusted password protected WiFi networks such as NYU WiFi. Additionally, use of NYU VPN (available in certain off-campus locations) further protects your data and is required when accessing certain NYU services outside of NYU-Net.
- WiFi networks for which the passwords are displayed are not secure.
NYU Multi-Factor Authentication
Use NYU Multi-Factor Authentication, which protects your data by adding a second layer of security when authenticating to NYU systems and services. Use of MFA is now required when authenticating to certain NYU systems and services.
- Register at least two devices. One of the devices you register should be a device that you always have with you (a smartphone or a simple cell phone).
- Additionally, use of the Duo mobile app will allow you to authenticate even when you don’t have cell or internet service, or if you’re traveling internationally.
Back-ups
Back-up your data regularly and periodically confirm that your data is backing-up as desired. The best way to recover from certain malware infections is to perform a wipe and restore from back-ups.
- If backing-up or saving data to a flash drive, consider using an encrypted flash drive, such as an IronKey flash drive.
Mobile Devices
- Do not share your password and set screen auto-lock of your device to occur in a short interval of time, such as 30 seconds.
- Turn off WiFi when not in use or use the “Ask to join networks” setting which will not allow your device to auto-connect to open networks.
- Turn off bluetooth when not in use.
- Update device operating systems as updates become available.Updates address security vulnerabilities.
- Understand how to perform a remote wipe of your device in case your device is either lost or stolen.
Mobile Apps
Install only known and well reviewed mobile apps from reliable sources such as Google Play or Apple’s App store as these sources screen offered apps. Additionally:
- Review the permissions associated with mobile apps carefully before you install, and grant the minimum permissions necessary.
- Update apps as soon as updates become available as updates address security vulnerabilities.
- Uninstall apps no longer in use.