Body
Each semester the Cornell Law School IT department sends out a security awareness and IT policy reminder to everyone at the Law School. This is done so the community is aware that each one of us has a responsibility to protect institutional data and computer systems. As you know, security risks are on the rise. Protecting against institutional harm is of the utmost importance and is everyone's responsibility.
It is your responsibility to make sure any Cornell confidential data you work with is secure regardless of the location or computer ownership. If you have any questions or concerns about how you are handling Cornell confidential data or any Cornell data whose loss/disclosure would negatively impact the Law School (at work or at home) please contact us at the Helpdesk so we can review procedures and discuss options with you and your department.
We would like to remind users that Cornell’s cloud share services (Box, OneDrive, Teams, and SharePoint) are valuable collaboration tools, but their ease of use comes with risks. Please make sure that you use these services in accordance with university policy. Cloud share services are designed to empower users to share data, which comes with the responsibility to manage who has access.
Below are guidelines we should all be following daily to protect ourselves and Cornell’s systems and data:
- Make sure you review and understand how to protect yourself from identity theft: https://it.cornell.edu/news/protect-yourself-against-identity-theft/20170911
- As a part of our responsibility we should all understand Cornell’s Security Policy and follow best practices to minimize risk to Cornell’s systems and the data we work with: https://it.cornell.edu/security-and-policy/responsibilities-protect-university-data
- Cornell’s definition of confidential data can be found here: https://it.cornell.edu/security-and-policy/data-types-confidential-regulated-restricted-public#section-1
- Personal computers and other devices: If you own a personal system or device, it is your responsibility to make sure all Cornell confidential data is secure regardless of the location or computer ownership. This would include phones and tablets connecting to University systems. https://it.cornell.edu/policy/policy-510-information-security
- Protecting your netID login credentials:
- Never share your netID password with anyone (inside or outside of Cornell.) IT support at Cornell will never ask you for your password. When prompted for your netID login check the site asking for your password to make sure it is a legitimate Cornell login webpage. Consult Cornell’s Phish Bowl (https://it.cornell.edu/phish-bowl)
- Do not re-use your netID password on other systems. A common behavior of hackers is to try passwords obtained in a successful hack on other accounts associated with users. If you need to manage multiple accounts/passwords, Cornell University has partnered with LastPass password management service: https://it.cornell.edu/lastpass
- Setup up security questions. https://netid.cornell.edu/NetIDManagement/index.html
- Proper handling of confidential data in your day to day work: If you are transferring confidential data, use Cornell Secure File Transfer (service formerly known as Cornell Dropbox) (https://sft.cornell.edu) or the LastPass service (despite the name you can securely share notes or documents in addition to your passwords - https://it.cornell.edu/password-mgmt) If you are given documents containing confidential data as part of your work please take the appropriate action to protect that data as soon as possible. Your choices are to erase/redact the data or store securely – contact the Helpdesk for assistance with options for securely storing your data.
If you need assistance with storing confidential data or have security questions, please contact us via law-helpdesk@cornell.edu