NYMC > Departments > Administrative Departments > Information Technology > Network Security

Network Security

   A button that gives IT's phone 914-594-2000, email helpdesk@nymc.edu, hours Monday-Friday from 8 AM to 5 PM, and location at 19 Skyline Drive, 2N-F31

 
  a button leading to popular IT topics in NYMC’s Knowledge Base

Why Secure Computing Is Your Responsibility

While your department may have staff who provide computer setup and assistance, ultimately you are responsible for taking care of your computer and guarding the information it holds. Following security guidelines and good business practices is part of your job duties. The vast majority of computer breaches that we have investigated over the past few years have been the result of weak computer practices, less-than-satisfactory data-handling procedures, or poor personal choices. It is the responsibility of everyone who uses a computer at work to protect NYMC data. The data on your computer is college property that has been placed in your care. Much of the data we work with is sensitive, such as Social Security numbers, payroll information, grades, and more. However, all college data needs to be protected. 

Consequences of Not Practicing Secure Computing

Keeping your computer secure takes vastly less time than recovering from a security problem. If your computer is compromised, you will likely lose access to it for at least a few hours, possibly days. You may also lose any work you did since your computer was last backed up. If the security problem put sensitive data at risk, or if your computer is lost or stolen, the effects can be far-reaching:

  • You may be held accountable for any negligent action, or inaction, that led to the incident.
  • The college may suffer financial loss as well as loss of reputation.
  • The individuals whose data is compromised could potentially also suffer financial loss, identity theft, and unwanted public exposure of private information.

Recovering from a computer compromise or loss of sensitive data, large or small, can take people many hours and, as a result, is an expensive activity. 

Consequences of Mishandling Sensitive Data

Mishandling sensitive data can lead to NYMC suffering financial loss or loss of reputation. The possible loss of certain types of data requires NYMC to report the event to government agencies and inform possible affected individuals.

If there is even a possibility of data loss, responding can easily consume hundreds of hours and is, as a result, an expensive activity. It can also involve many people from both within your department and elsewhere around campus and, consequently, can significantly disrupt college business. Many universities, even NYMC, have experienced the repercussions of losing sensitive data, including:

  • Regulatory fines
  • Loss of funding from government agencies
  • Lawsuits
  • Loss of donations and gifts
  • Loss of reputation

What Happens When NYMC Data May Have Been Exposed to an Intruder or Malicious Software

If an intruder has gained access to a computer used at NYMC that contains sensitive data, the IT Security Office will lead an investigation of the incident.

  1. The computer’s hard drive will be copied for analysis.
  2. Information on the computer’s hard drive and other data, such as network traffic history, are analyzed to determine whether sensitive data may have been exposed.
  3. The College’s response to the incident is determined by a team whose members include:
    • Vice President for Information Technologies (chairs the group)
    • IT Policy Office
    • IT Security Office
    • Audit Office
    • College Counsel
    • NYMC Security
    • College Communications
    • Risk Management

      The team will also bring in the unit head, IT staff, and other staff from the department where the incident occurred, as well as the college data steward (for example, the Vice President for Student and Academic Services for incidents involving student data, or the Vice President for Human Resources for incidents involving employee data).
  4. Officers meet to review the incident and determine how the college should respond to it. If there is a reasonable likelihood that sensitive data could have been accessed in an unauthorized fashion, Officers determine which potentially affected parties need to be notified. The Officers also consider what actions are needed to avoid similar incidents in the future.