Information Security @ MSU Denver
Information Technology Services (ITS) considers the protection of University information as a critical priority. To safeguard the MSU Denver community from security threats, ITS has implemented a comprehensive information security program that includes a robust security infrastructure as well as training and support services to equip students, faculty and staff with the knowledge and tools they need to help create a secure environment.
Protecting Personally Identifiable Information
Many departments at MSU Denver handle sensitive and confidential information about individuals – also known as Personally Identifiable Information (PII). Safeguarding PII is imperative due to the high risk of identity theft or financial loss posed to individuals and to the University in the event of improper disclosure.
What is PII?
PII includes any information that can be used to uniquely identify, contact, locate, or impersonate an individual or can be used with other information to uniquely identify a person.
General PII provides general information about a person, but is not considered sensitive unless it is paired with other PII. General PII includes:
- Email address
- Home address
- Phone number
Sensitive PII includes any information that can be used to uniquely identify, contact, locate, or impersonate an individual. It is always considered confidential. Sensitive PII includes:
- Social Security Number (SSN)
- Educational records protected by FERPA
- Driver’s license number
- Passport number
- Alien registration number
- Financial account numbers (bank, credit card, etc.)
- Biometric identifiers
- Protected Health Information (PHI), which is protected by HIPAA
Combining PII Increases Risk
Combining PII with another identifier makes it sensitive PII, because the combined information may be used to uniquely identify a person.
If paired with another identifier, the following become sensitive PII:
- Last 4 digits of SSN
- Mother’s maiden name
- Date of birth
- Place of birth
- Medical information
- Account passwords
- Citizenship or immigration status
- Ethnic or religious affiliation
- Sexual orientation
- Criminal history
- Zip code
MSU Denver’s Commitment to Protect PII
MSU Denver is committed to protecting the PII of its students, faculty, staff, and other individuals associated with the University. Please do your part in protecting the PII entrusted to you.
It is the responsibility of all departments and employees to:
- Take stock.
Know what PII you have in your files and on your computers.
- Scale down.
Keep only what you need.
- Lock it.
Protect the information that you keep. This includes physical and electronic security.
- Pitch it.
Properly dispose of what you no longer need.
- Share and store cautiously.
Never send PII via email or store on cloud services, such as Dropbox or OneDrive.
- Report it.
Immediately report all suspected or confirmed privacy incidents to the ITS Helpdesk at 303-352-7548 or support.msudenver.edu.
Properly Handling PII at Work
Consider the following when handling PII:
- PII could be in your file cabinet, in your desk, on your computer, laptop, memory stick, PDA, etc.
- Collect only the information you are legally allowed to collect and only what you need to perform your specify business function.
- Be sure to follow procedures for shredding documents containing PII, including CDs.
- Adopt a “clean-desk policy”: Don’t leave documents with PII on your desk.
- Lock up documents with PII overnight and on weekends.
- Lock your computer when you step away from the keyboard.
- Don’t leave sensitive PII in a voice mail message or send it in an email.
- Protect printed or faxed documents that contain PII.
- Don’t take or send MSU Denver records with PII or other confidential information home unless authorized to do so.
- Use strong passwords and never share them!
Don't Get Hooked by Phishing Scams
Phishing scams – a technique often used by hackers and identity thieves to compromise accounts and install malware – continue to grow in number and sophistication.
Phishing is a social engineering method in which the phisher uses email or a phone call to lure unsuspecting recipients into giving their personal, financial, or other sensitive information to commit identity theft, gain access to their accounts, or hack their computer. The email or call normally appears to come from a legitimate person and may even target a specific group (e.g. members of the MSU Denver community), which is known as spear phishing.
ITS has compiled the following tips to help you avoid falling prey to phishers:
- Scrutinize all emails before downloading attached files or clicking links. Verify that the email address of the sender is legitimate and someone you know.
- Don’t click on unrecognized links. Want to know where a link is actually going? Hover over it with your mouse cursor to reveal the actual web address.
- Be skeptical of any email with urgent requests for personal financial information. Not sure about a request? Call the company to verify.
- Be skeptical of messages that have poor spelling or grammar, sloppy formatting, or a generic greeting such as “Dear Customer” rather than your name.
- Beware of common intimidation tactics such as “Urgent action required!” or “Your account has been compromised!” Call the company to verify if you’re concerned.
- Don’t download “free” software onto your PC, always follow MSU Denver’s security policies! The Information Security Policies are available on the MSU Denver Policy webpage.
If you receive a malicious or suspicious email or phone call to your MSU Denver email or phone number, please forward the information to email@example.com. If you have any questions or concerns, please contact the ITS Helpdesk at 303-352-7548 or support.msudenver.edu.
Stay Safe Online
While the Internet can make our lives easier and more connected, it can also increase the risk of theft, fraud and abuse. No country, industry, university, community or individual is immune to cyber-risks.
With the help of these simple tips from the U.S. Department of Homeland Security, you can enhance your online security:
- Set strong passwords and don’t share them with anyone.
- Keep your operating system, browser and other critical software optimized by installing updates.
- Maintain an open dialogue with your family, friends and community about Internet safety.
- Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
- Be cautious about what you receive or read online — if it sounds too good to be true, it probably is.
Want to learn more?
- Visit DHS.gov/StopThinkConnect to learn about strengthening your cyber-security.
- Find more information about phishing on the Anti Phishing Working Group (APWG) website.
- Look for security tips and other helpful information in the and on the ITS Facebook page.
If you have additional questions, concerns, or need immediate assistance - Please contact the MSU Denver Helpdesk.