AP 139 - Security of Computers, Memory Keys and Portable Storage Devices
Background
Data security and data integrity are of paramount importance to Horizon School Division. All data residing on file servers, thumb drives and portable storage devices need to ensure that the following steps are taken when dealing with security.
Procedures
In order to ensure data security, these steps must always be followed.
- Never under any circumstances share your division assigned user name and password with others. Violation of this may contravene not only the division’s AP 140 - Acceptable Use of Technology, but various information privacy laws.
- Never under any circumstances share your access passwords with others for any of the division services including but not limited to: Maplewood, Navision, ODT Portal, First Class, Outlook etc.
- Data removed from division networks, schools and office via portable removable media such as usb memory keys (sticks), portable hard drives, and cd /dvd media must not contain any data that could create a security breach and compromise staff or students privacy.
- Never leave your computer unattended while logged in. Use of the lock screen feature is advised when leaving the area your computer is located in.
- Always remember to log yourself off the computer and network when not in use. Unwanted access to sensitive information could easily be gained in this method.
- Never dispose of computer hardware without consulting the following AP 136 - Disposal of Division Technology Assets.
- Use a complex hard to guess password and change it frequently. A complex password may consist of capital and lower case characters, numbers and a special character.
- Never store passwords in a location that can be seen or found easily by others. For example, taping a sticky note with password on it to the bottom of a keyboard is not a good place for your passwords.
- Change your passwords frequently.
- If unidentified persons are requesting access to division network systems or computers including areas that house network switching equipment and file servers please contact the Information Technology Administrator immediately.
- Each end-user in the school division is responsible for maintaining security and preventing unauthorized use.
Reference:
May 9, 2013