Computer Security at SIPA and CU

The School of International and Public Affairs Information Technology (SIPAIT) office maintains policies about the use and security of its systems in the interests of protecting user data and ensuring the reliability of mission-critical systems. These policies supplement the university (CUIT) security policies. All users are expected to be familiar with and adhere to these policies.

 

Best Practices for protecting User systems

  • Make sure your system's operating system is patched.
  • Have virus and malware protection; ensure virus definitions are up to date.
  • Make sure all software updates are applied as they become available.
  • Use strong passwords with a combination of at least three of the following: upper case, lower case, numbers and special characters with a minimum length of 8 characters.
  • Do not share passwords with others.
  • Log off systems when not using them.
  • Avoid using free Wi-Fi when possible.
  • Do not use free Wi-Fi for banking, shopping, or any sensitive data.
  • Be mindful when browsing the web.
  • Backup your data regularly.
  • Do not leave personal sensitive data on network drives.
  • Be careful when opening an unsolicited email. Hover over the sender's email address to check that the displayed address and the actual address match. If they do not, the email is a phishing email. Report it to spam@columbia.edu and delete it.
  • CUIT and SIPAIT will never ask you to provide your credentials for verification. Such a request is generally an indication of a spam/phishing email. Do not click on any links in such emails.
  • Physical security of your devices is also important. Do not leave them unattended.

Security awareness training

CUIT provides free security awareness training to users so that they can recognize computer security issues, social engineering, and phishing emails, and learn about FERPA and HIPAA policies. There are several short modules that address each of these areas. Users are encouraged to take this training.

Data Security while travelling to High Risk Countries

SIPAIT has suggested guidelines for users travelling to High Risk Countries.

Data Compliance at CU and SIPA

The University requires all users to be in compliance with its data classification policies for sensitive user data stored on computers. This includes Social Security Number, Date of Birth, Visa and Passport numbers, and Credit Card information. This requires ongoing vigilance for data stored on computers, including the network drives. These policies also apply to all removable media and printed material. The CU policies on sensitive data can be viewed on the Columbia University data classification webpage (data classification can be found in the Appendices).

User Responsibility and Remediation

For users on the SIPA network, SIPA IT will periodically scan their computer systems and network drives. SIPAIT will then contact SIPA staff if any data needs attention. Users administering their own systems should make sure that they are in compliance with the University policies. All precautions must be taken to secure these materials. Please do not store any personal information in your network drive. This includes tax returns and copies of passports, birth certificates, visas, etc. These documents will be removed without notice. For questions, please contact sipaitsecurity@sipa.columbia.edu.

Below are steps users can take when dealing with sensitive data.

  • Remove or redact any sensitive data from files you wish to retain, if possible.
  • Delete all files that are not needed.
  • Empty the trash.
  • Identify any files/folders with sensitive data that you need to retain. Contact SIPA IT to plan for encrypting data in accordance with University policy.
  • Provide written justification for keeping any sensitive data which you have identified. Fill out appropriate forms (available from SIPAIT) for submission to the University.