Technology Security

What about Word or Excel Passwords on files containing CI?

Users should not depend on the built-in file locking in Microsoft Office for confidential info. Any number of programs can be used to circumvent the protections. Instead, users can encrypt such files using PGP or, for Windows computers, WinZip.

How do I securely transfer HRCI (High Risk Confidential Information) or CI (Confidential Information) outside Harvard?

Do not use e-mail to transmit CI (Confidential Information). Please use Harvard's Accellion Secure File Transfer server: http://fta.fas.harvard.edu. To get help with this, call 5-9000. HRCI can only be transferred out of Harvard if Harvard has a contract containing specific security requirements with the destination of the transfer.

What about CI on USB drives, CDs, etc?

Non-HRCI confidential info may be kept on USB drives, CDs or external hard drives only when there is a business reason to do so, and only if those devices are encrypted. In these cases, please contact IT Security (ithelp@harvard.edu) to request an IronKey secure flash drive, which will be provided at no cost.

Okay, but if I really do have to keep some CI on my desktop computer to get my work done?

CI may be kept on a desktop computer if it is properly configured. The computer must have a timeout password controlling access to the desktop, a regularly updated operating system, updated anti-virus software and an active firewall, and it must be kept in a secured room, etc. In other words, all common-sense steps must be taken so that the computer may be used to work with CI to securely complete a specific business-related task. If you still need the data once the task is completed, the data must be moved to a secure FAS file server, such as \\fas-depts (commonly...

What about other student info?

Student info (such as grades, reference letters, transcripts, personal statements, class work) must be treated as CI. As a general rule, it is best for faculty and staff to treat all student data as CI, unless there are specific reasons not to.