85% of cyber intrusions start with a phishing email.

Your Google Account encompasses email and documents. A cybercriminal breaking into both your email and your documents at the same time is a worrying prospect.

Here are some good practices for your Google Documents. 

 

Remove unneeded data from documents and spreadsheets.

It’s common to use system exports or downloads for multiple purposes. If the download contains personal data, we usually ignore it unless it is relevant to our task. But the information is still there, and still vulnerable. Take a moment to remove unneeded columns.

Full names and birth dates are rarely needed for the work we do. Removing them reduces the likelihood that your data contains personally identifiable information.

If you need that identifier, consider reducing it to initials, or limiting it to a first name and last initial. If you need to calculate age, can you use the birth year rather than the full birth date and still be accurate enough? Month and year rather than full date?
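The reduction described above can be applied to an export before it is saved or shared. This is an added example, not part of the original article; the column names, date formats and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; the column names are assumptions.
SAMPLE_EXPORT = """student_name,birth_date,grade,home_address,reading_score
Jordan Rivera,2012-03-14,5,12 Elm St,88
Sam O'Neil,11/02/2011,6,4 Oak Ave,92
Alex,2013-07-30,4,9 Pine Rd,75
"""

KEEP = ["student_name", "birth_date", "grade", "reading_score"]  # columns the task needs
DATE_FORMATS = ("%Y-%m-%d", "%m/%d/%Y")


def short_name(full_name):
    """'Jordan Rivera' -> 'Jordan R.'; a single-word name is kept as is."""
    parts = full_name.split()
    if len(parts) < 2:
        return full_name.strip()
    return f"{parts[0]} {parts[-1][0]}."


def birth_year(value):
    """Return only the year; an unparseable date becomes empty rather than leaking through."""
    for fmt in DATE_FORMATS:
        try:
            return str(datetime.strptime(value.strip(), fmt).year)
        except ValueError:
            continue
    return ""


def minimize(csv_text):
    """Drop columns outside KEEP, shorten names, and keep only the birth year."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        slim = {col: row[col] for col in KEEP}
        slim["student_name"] = short_name(slim["student_name"])
        slim["birth_year"] = birth_year(slim.pop("birth_date"))
        rows.append(slim)
    return rows


if __name__ == "__main__":
    for r in minimize(SAMPLE_EXPORT):
        print(r)
```
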

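In the course of our incident, a staff member went around in circles trying to work out the source of a list of names that might have been in a spreadsheet in her mailbox. The file appeared to contain only aggregated statistical data. Examining the formulas closely revealed that some of them pointed to a hidden tab, which contained all the raw data. The staff member who received this file didn’t even know it contained names. But all of those names were on our “possibly compromised information” list.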
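A check for the situation just described, written as an added example (not part of the original article): it lists hidden tabs in an .xlsx file and the formulas that read from them. A Google Sheet would first need to be downloaded as .xlsx; the sample workbook is constructed in memory and its sheet names are assumptions.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}


def build_sample_xlsx():
    """Constructed stand-in for a shared workbook: one visible summary tab, one hidden raw-data tab."""
    workbook = (
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"><sheets>'
        '<sheet name="Summary" sheetId="1"/>'
        '<sheet name="RawData" sheetId="2" state="hidden"/>'
        '</sheets></workbook>'
    )
    summary = (
        '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"><sheetData>'
        '<row r="1"><c r="A1"><f>COUNTA(RawData!A2:A500)</f><v>499</v></c></row>'
        '</sheetData></worksheet>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/worksheets/sheet1.xml", summary)
    return buf.getvalue()


def audit_workbook(xlsx_bytes):
    """Return (hidden sheet names, formulas that read from those sheets)."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        root = ET.fromstring(z.read("xl/workbook.xml"))
        hidden = [s.get("name") for s in root.findall("m:sheets/m:sheet", NS)
                  if s.get("state") in ("hidden", "veryHidden")]
        refs = []
        for part in z.namelist():
            if not part.startswith("xl/worksheets/"):
                continue
            for f in ET.fromstring(z.read(part)).iter("{%s}f" % NS["m"]):
                for name in hidden:
                    # Sheet references look like Name!A1 or 'Name With Space'!A1.
                    if re.search(r"'?%s'?!" % re.escape(name), f.text or ""):
                        refs.append((part, f.text))
    return hidden, refs


if __name__ == "__main__":
    print(audit_workbook(build_sample_xlsx()))
```

Any hidden tab it reports is worth opening before the file is emailed or shared, even when no formula points at it.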

This applies to other documents you may email or share as well. A student’s first and last name, combined with any of a multitude of common data points (race, grade, class rosters) may be protected under FERPA. Examine the documents you commonly send, receive, and share for opportunities to reduce the occasions where student names, birth dates, or other protected data are included.

Plan to prevent over retention.

Every summer, as the school (and budget) year ends, we engage in a ritual: we open our filing cabinets, pull the folders from the back of the drawer, and shred or recycle the files. Then we move all the folders back and set up a new set for the coming year.

Do you do this with your electronic files? If not – it may be time to start.

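The data retention schedule for your public records is the same, whether your files are stored on paper or on a server. Organize your electronic files the way you organize your paper files, and clean them out every summer as well.

Once you have cleaned out your mailbox, ask: if an attacker gained access to your network shares, will they find old data there that could be a vulnerability?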

Your data generally falls into the following categories:

  • It needs to be retained, and I also use it. These files need to be kept where you can find them, and organized in a way that makes the year-end “filing cabinet clean-out” easy.
  • It needs to be retained, and I only keep it because I have to. Your IT team can help you out here. When you clean your filing cabinet at the end of the year, gather the files you “have to keep but don’t need” and organize them by how long you need to maintain them. Your IT team can archive them for you, and if you have organized them by destruct date, they can make sure those files are removed when the time comes.
  • I need it, but there is no specific requirement to retain it. Great. Keep it until you’re done with it! Then delete it.
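  • There is no specific requirement to retain it, and I just haven’t gotten around to deleting it. Adding this task to your summer file clean-up will make it easier to ensure you aren’t hoarding data you don’t need and leaving it where attackers can reach it.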

If you need to collaborate with someone – share, don’t send. Keep your data in your OneDrive, Google Drive, or other secure location, and share a link rather than sending a copy of the file. Always use the option to share with specific people, rather than using generic links that allow anyone to access them.

Remove your shares when the collaboration is complete.

If you’re working with a workgroup, check with your help desk for guidance on the best available tools based on your organization, available applications, and the type of data you’re sharing.

Educators are accustomed to not having resources; we expend a lot of energy figuring out creative ways to get things done. Tech teams live in a constant state of stress, some of which comes from discovering the creative ways staff share and access data. Your tech team will save you some work by helping identify the best option.

Why do you need to know?

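When we collect data, especially from surveys and forms, we tend to over-collect. We only get one chance to collect the data, so we throw everything in.

Remember, every piece of personal data is data that needs to be protected. Ask yourself whether you really need it, and whether you can get what you need a different way. Do you need a full name, or will initials suffice? Do you need an address, or will a city name do?

Consider what is in your forms (documents and PDFs), and make sure the information is appropriately protected.

Sometimes there is no way around the need to fill out a form and “send” it to someone. When you run into that need, take a moment to think about the best way to meet it.

If you need to send a form, consider saving it to cloud storage and sending a link. When the recipient accesses it, they can download a copy (if they need it for their files) or enter the information into their system, close the file, and let you know they have what they need so you can unshare it.

If you receive confidential form files by email, process them, then delete the message. If you need to keep a copy, save or upload the file to the location where it belongs, then delete the copy. (Sender: there’s still a copy in your sent items!) When you’re done with the data, don’t leave it in your mailbox.

Work with your tech team to identify more secure alternatives. Some options include secure file sharing, allowing staff to submit forms via an application or web page, and “blind drops,” where senders can write their own files but cannot see anything else in the folder, so they cannot see other people’s data.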

Download and clear electronic forms data.

When creating and using online forms, be aware of where the data lives and how it is protected. Since most school districts leverage Google and MS Office apps, Google’s and Microsoft’s Forms engines are commonly used by educators. They’re also commonly targeted by malicious actors. Once we’re done with forms, we rarely clean up the data that has been submitted, which means it remains, undeleted and unmonitored, on the forms servers.

What do you do with the data once you’re done with it?

  • Google stores its information in a Google Sheet.
    • When you’re done with your form, consider deleting the sheet, or at least deleting the data from it, if you plan to re-use the form.
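    • If you need to retain the data, save a copy to your more secure Google Drive, and delete the data sitting “behind” the form.
    • Note that Google prohibits the collection of personally identifiable information in its forms. It has bots that search for things that look like sensitive data, and if it thinks it has found some, an automated utility will lock the file, preventing anyone (including the owner) from accessing the form data.
  • Microsoft stores the form data and allows the form owner to download it to a spreadsheet.
    • Once you have downloaded your data and it is safely stored in your OneDrive, consider using the one-click command to delete the data from the Forms site itself.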

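Both Microsoft and Google forms have been targets of hacking activity, and Google forms has been used as a platform for phishing, trying to lure people into entering sensitive credentials into a form in order to compromise their accounts. This should not stop you from using these sites; they are targeted because they are commonly used. They’re popular because they are excellent sites. They are as secure as they can be while still being accessible and usable. No matter what site you use, think proactively about what information is being left behind.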