SharePoint Security Statement

SharePoint Security Statement

  1. Even though specific SharePoint sites or items may be password protected, SharePoint is an Internet-connected server which means that anyone in the world can generally contact the server and attempt to log in.
  2. Anyone, anywhere in the world, with the correct username and password can access information on the SharePoint server (i.e. data within SharePoint is a username and password away from anyone on the Internet).
  3. There are two kinds of data to consider:
    1. Restricted and Sensitive Data
      1. Generally, this type of data should not be placed in SharePoint.
    2. Intellectual Property that is not restricted, but should remain private
      1. This type of data may be placed in SharePoint at the discretion of project leaders.
  4. In general, if you are concerned about liability or legal ramifications, you should not place the data in SharePoint.  If you want to share restricted or sensitive data with a group, please consider using Purdue’s FileLocker sytem:  https://filelocker.purdue.edu.  While FileLocker is not as flexible as SharePoint, it is secure and encrypts data.

FileLocker – Share Files Securely

If you need to share files securely with others and you don’t want to risk placing your files on a consumer file sharing site, a good alternative @ Purdue is to use use FileLocker to distribute / share your files.

FileLocker is a free Purdue system that allows large files (up to 1 GB) to be securely uploaded and distributed. Files are encrypted within the system and you can protect files with a download password that non-Purdue people can use to fetch the file.

For example, instead of sending out CD’s in the mail to distribute a large file, you could upload it to FileLocker to enable others to securely download it.  If you need to share a group of files and folders, you could upload a ZIP file to FileLocker.

Here is a blurb from the FileLocker online help:

Learn how to share an uploaded file with anyone using a publicly available URL

1. After uploading a file, click on the file that you want to share and check the box next to “Public Share”.
2. Once the box is checked, you’ll be prompted to choose which email addresses should receive a link to the file you are sharing. You must also specify whether the share will expire after one use, or whether it can be downloaded repeatedly.
3. If the file may be downloaded repeatedly, you must specify a password that must be entered before the file can be downloaded. You will have to communicate this password to any intended recipients of the file through some other secure means (phone, encrypted email, etc).
4. Once you click share, a publicly accessible URL to download the file will be created, any email addresses you’ve entered will be sent an email notifying them that file is now available at the generated URL, and the URL will be displayed.
5. You may view the publicly accessible download URL and send it to additional people by email at any time after you share the file publicly by clicking on the “(view link)” text next to the Public Share checkbox.

You can find more information about FileLocker on these web pages:

https://it.purdue.edu/services/filelocker.php

Here is the direct link to the FileLocker login page (requires Purdue career account to log in):

https://filelocker.purdue.edu

Thank you and happy file sharing!

–Education IT

Purdue IT Security Incident Response

Dear College of Education,

The Education IT team recently attended Purdue IT Security Incident Response training.  Because some of you have access to restricted and/or sensitive Purdue data, we want to communicate our checklist for how we must respond to an IT Security Incident in your area.  We’re sorry for such a long email that follows.  The reality is that there is a lot going on behind the scenes in IT security and Purdue is legally bound by numerous federal, state and local laws to respond to IT security issues.  We feel it is important to pass some information along and keep everyone in the loop.  Please see the following PDF document:

http://social.education.purdue.edu/edit/wp-content/uploads/2012/04/2012-04-23-Purdue-IT-Security-Incident-Response.pdf

Thank you!

–Education IT (edit@purdue.edu)

Contact Education IT First!

Dear College of Education,

If you run into a problem with your College of Education owned computer, printer, laptop, iPad, software, or other technology, or if you have problems with your Purdue career account (e.g. logging into systems after a password change), please to contact the Education IT team first before contacing the central IT group. 

Education IT is your first responder for IT assistance and we work closely with the other IT organizations at Purdue.  By sending your request to edit@purdue.edu or calling us at (765) 494-2658, we’ll help ensure that you get the fastest response to your question or problem.

Thank you and happy computing!  🙂

— Your Education IT Team