Information Technology Security
National Cyber Security Awareness Month (NCSAM) is a collaborative effort to ensure everyone has the resources they need to stay safe online. NCSAM is spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA).
Bates believes data security is the responsibility of every member of the campus community. As digital citizens, we must consistently protect ourselves, the college, and our devices, from cyber and information technology threats. Every employee and student of the College is bound by ethics as well as FERPA, HIPAA, CALEA, and state regulations (including, among others, Maine Statutes Title 10 Chapter 210-B, Massachusetts Statute 201 17.00, & California Senate Bills 1 & 1386) to exercise proper stewardship of data.
In order to protect College data and constituents, minimize institutional exposure, and maximize practice of stewardship, Bates relies on user education and systems. Our systems minimize what users are asked to do proactively and community norms help people realize that their responsibility is concrete, rather than abstract. This approach is based on the research that reveals that the more complex the requirements, the lower the effectiveness.
Bates expects all employees to take advantage of the following educational opportunities, where applicable
- Banner (ERP): offered monthly for all new employees
- Argos (data extraction and reporting tool): regularly scheduled classes for all Argos users
- Data Security Awareness Program: required of all faculty and staff
Bates expects all employees and students to do the following
- Be aware of your responsibilities and exposures
- Use the tools provided by the College
- Do not share your Bates credentials with anyone. Ever!
- Do not reuse your Bates credentials with other services
Bates expects all employees who deal with PII to take particular care and be mindful that unauthorized disclosure is considered a data breach that must be reported under a variety of state laws. Bates employees should be very careful in storing information on unencrypted Bates-owned devices and should not download documents with PII to non-Bates devices.
In Maine, PII includes the person’s first name or first initial and last name in combination with social security and driver’s license numbers; bank account, credit card, or debit card numbers if they can be used to access the account without additional access codes; account passwords, PINs or other access codes; or any combination of the above that could be used with a person’s first name or first initial and last name to fraudulently assume or attempt to assume a person’s identity without the person’s knowledge.
Walking Away? Lock Your Computer!