Best Practices

InfoSec Best Practices

"Best Practices" are a set of practical rules that have been peer reviewed, tested, and refined. For organizations storing confidential information, InfoSec best practices help maintain security and protect the confidentiality of the information entrusted to that organization. This is by no means an inclusive list, rather a few examples we use at COCC.

Here are a few examples of best practices:

Do not write down credit card numbers

When taking credit card payments over the phone, enter the credit card number directly into the payment processing screen while the card is read to you by its owner. If CC information is written down it could potentially be lost or stolen, resulting in the customer becoming a victim of credit card fraud.

Shred out-of-date documents

There are many laws and college policies which require us to store physical documents or digital records for a period of time. Often that information is confidential in nature. Purging data beyond its required retention length (deleting records or shredding documents) reduces organizational risk of that information being stolen by cyber criminals. When dealing with students, if you write confidential information in the form of notes, be sure to shred that information once it is no longer required.

Utilize antivirus software and patch operating systems and programs

Just as cyber criminals are working hard to find new ways to steal our information or money, antivirus, operating system, and software developers are working hard to close security flaws as they are discovered. The most important updates (because they are the most exploited) are typically your operating system (Windows, Mac, Linux), Java, Adobe Products (Flash and PDF Reader most importantly), your web browser (Firefox, Chrome, Internet Explorer), and antivirus / anti-malware software. Many, if not most of these, have the capability to automatically update - this works well for many applications and users.