Security

  1. Users will not share their password, provide access to an unauthorized user, or access another user’s account without authorization (such as when granting delegate rights). Users should also exercise good password management by always changing an initial password assigned by IT staff immediately upon receipt; changing passwords, where possible, at least every ninety days or when required to do so by the system being used; and never writing down a password and posting nearby a computer. Users should create secure, hard-to-guess passwords.  Secure passwords: are at least eight (8) characters in length; contain a combination of upper and lower-case letters, numbers, and symbols; and do NOT consist of common names or words.
  2. Users should follow sound information security practices and should not divulge any more information than necessary about Sinclair IT resources. Users should not discuss or reveal information such as Sinclair password and username formats, password requirements, IP (Internet protocol) addresses, and host names over the Internet or other outside sources.
  3. Data sent to recipients outside of Sinclair if sent over the Internet, is not encrypted (software used to encode and protect electronic data), by default, and such transmission should be considered as not secure. Examples of technology relying on transmission over the Internet include Email, Instant Messaging, Chat, Texting, “Cloud” applications, and others.  Users who need to transmit personal or other sensitive information via insecure channels must protect the information using encryption or other security measures approved by the Chief Information Security Officer (CISO).
  4. Users should be wary of and take precautions to avoid introducing viruses and malicious code to the college network. Use extreme caution when downloading files and software from the Internet. Downloading should only be done onto the hard drive of the user's computer. Downloaded files should be scanned for virus protection before installing or executing. Downloading directly into any Sinclair network resource such as H: Drives (Home Directories), shared network areas, network servers, etc. is prohibited. When using removable media (even if new), users should scan it for malware using an approved tool. Suspicious messages such as those received from unknown sources or those received from known individuals but with unlikely or inappropriate subject lines (for example “I Love You” from your supervisor or instructor) should be reported to the Help Desk and should not be opened. Emails and attachments sent through Outlook Web Access or other messaging application and received on a personal device could contain malicious code. It is strongly recommended that users install security software on their personal devices and enable automatic updating of the software. Sinclair is not responsible if the security software is, for any reason, ineffective in preventing infection of a personal device.
  5. Users are responsible for staying informed about changes in Sinclair information technology resources. The network environment is continually evolving as new products and services are introduced. Services change as the number and needs of users change. Changes can impact security measures and procedures. When changes occur, Information Technology makes every effort to publish information about these changes. IT publishes information in a variety of ways, including but not limited to, our.sinclair.edu, my.sinclair.edu, email, published articles, Know IT newsletter articles, training, phone system, the IT Help Desk, and online policy and procedures documents. Users should access these resources to stay informed about network resources changes.
  6. Users should regularly back up important data and files from their hard drives onto network areas such as home directories and department shares or to removable media such as CD/DVDs or USB storage devices. The user should test these backups regularly for reliability in retrieving data.
  7. Users must ensure appropriate and effective security methods are used when storing—downloading, recording, entering, or otherwise saving—personal information or other sensitive information, particularly on non-central storage devices or locations.  Personal information on mobile devices, including but not limited to, laptops, tablets, smartphones, PDAs, and any wireless telecommunication devices, must employ a College-approved technical security method. ITS will equip and deploy all administrative laptops and tablets with technology that protects the contents of the entire hard drive.  Users are not permitted to disable this protection. Personal information (see definition under Procedure item B.5) may not be stored on mobile devices or on other removable storage media, including, but not limited to, diskettes, CDs, memory sticks, USB drives, and "Cloud" storage services, unless the information is protected from theft and other methods of unauthorized access using encryption or similar technology approved by the Information Security Office.
  8. Data and files containing sensitive or confidential information should be destroyed securely. Media or documents with sensitive or confidential information should NOT be simply thrown into the trash. "Hard" copies such as paper, microfiche, microfilm, etc. should be shredded. Computer media such as floppies, zip disks, CD-ROMs etc. should be destroyed or securely wiped to remove data. NOTE: Many electronically generated and stored records qualify as public records and may be subject to disclosure under the Ohio Public Records Act, Ohio Rev. Code §149.011, and that communications with students may be defined as “educational records” subject to the nondisclosure provisions of the Family Educational and Privacy Rights Act, Title 20 U.S.C. §1232g. Users should consult records management staff in regards to how records management policies apply to the material contained in electronic records and documents.
  9. Physical security of Information Technology resources is also very important. Users should always log-off or use some type of workstation lock method such as a password-enabled screen saver when stepping away from their computers for more than a moment. Removable media should be stored in a lockable, secure area. Portables such as laptops, tablets, cell phones, etc. should never be left unattended for any amount of time and should be stored in a lockable, secure area.
  10. Users should report any incident of compromise or suspected compromise of any Sinclair information asset to the IT Help Desk, the Information Security Officer, or the CIO as soon as possible.