Safeguarding Sensitive Data at MIT

November 03, 2016

Dear MIT faculty and staff,

Over the past three years, Information Systems and Technology (IS&T) has taken many steps to enhance the safety and security of MIT's information technology (IT) infrastructure. With guidance from the Information Technology Governance Committee (ITGC), we have examined how we deliver network services to the community. We have modified practices to establish a higher level of resilience for our network while accommodating the needs of our faculty, students and staff.

The Information Protection @ MIT website provides easy access to policies, resources and guidance related to safeguarding sensitive data at the Institute. The site also provides information to help community members protect their own personal data. Resources at the Training tab will help you understand the Institute policies and procedures that need to be followed to comply with local and federal legislation related to data protection.

Additionally, the Tools tab lists several software tools and services to help you find, delete, or protect sensitive information. You can keep your machine clean by using the CrowdStrike Falcon anti-malware service; protect your passwords using the LastPass password management tool; find and redact sensitive data using Spirion (formerly Identity Finder); and encrypt your data using FileVault or BitLocker. All of these tools are available to MIT community members at no cost.

Connect with care – when in doubt, throw it out. This year has seen an increase in phishing  emails and ransomware attacks. Cybercriminals try to infect your device by getting you to click on links within emails. If an email looks suspicious, delete it. These scams provide yet another compelling reason to back up your files using the cloud-based CrashPlan solution.

Various units across MIT share responsibility for maintaining records and providing oversight. Faculty and staff who create, transmit, or store sensitive data can learn best practices by watching a series of brief videos on desktop, Internet and data security. David LaPorte, who directs IS&T’s security programs, is available to answer specific questions or offer guidance on recommended training.

Sincerely,

John Charles