University IT has bolstered its institution-wide information security policies and will soon require all employees to complete training in MyPath to ensure everyone has a clear understanding of expectations, best practices, and responsibilities to keep personal and institutional information secure.
With organizations of all sizes increasingly becoming the targets of cyberattacks, having strong information security policies helps protect institutional data while limiting risk and reducing costs. Individuals using University computing devices (mobile or otherwise) must know, understand, and implement personal security measures that help to prevent institutional data breaches. In providing these updated information security policies—with a number of policies directed specifically at working remotely—the aim is to ensure consistent behaviors throughout all parts of the University.
To review these new policies, see the IT website under “University Policies and Procedures on Information Security.”
MyPath Training to Start September 18
On September 18, a required training called ‘Information Security Policy Updates’ will be assigned in MyPath to all staff, faculty, contractors and student employees at the University and its affiliates. Training will take approximately 20-30 minutes and must be completed by December 15. Hourly employees will be able to do the training during work hours; please work with your supervisors and managers to schedule your online course.
The training helps individuals understand different levels of vulnerability and how to mitigate these threats:
- High Risk: Social Security numbers, financial and bank information, personal health records, and other legally restricted and/or confidential information
- Moderate Risk: budgets, organization charts with names, administrative data, research not marked confidential
- Low Risk: Public information available to all members of the University
It also helps everyone know what to do in the event of a security incident where data and information may have been compromised.
Please contact InfoSec Risk & Compliance at InfosecRiskandCompliance@UR.Rochester.edu, if you have any questions about the upcoming training.
Where the policies are located online:
University, excluding URMC: https://tech.rochester.edu/policy/
URMC: https://sites.urmc.rochester.edu/departments/hipaa/hipaa-policy-manual/#sec
If you need an exception to a security policy, please contact Help Desk
University, excluding URMC: : University Help Desk (585.275.2000, univithelp@rochester.edu)
URMC: URMC ISD Help Desk (585.275.3200, ISDHelpdesk@URMC.Rochester.edu)
Any non-compliance with information security policies requires justified, documented, and senior management-approved information security policy exceptions.