following is an introduction to
fundamentals of Information
Security and TMU’s training
requirements for its
employees. This material is
presented in a question and answer
format to help
you understand the need to protect
student and institutional data
unauthorized breach and maintain
compliance with FERPA, GLBA, GDPR,
Q1: What is
Security is the process of:
- • Maintaining the privacy of sensitive student, organizational and personal data
- • Protecting this data from unauthorized modification
- • Ensuring
data accessibility when needed
Q2: What are the
consequences of an Information
A: There are
several potential consequences.
- • Loss of student or employee data is breach of privacy and could lead to potential identify theft for individuals and fines for the University. The average cost of a data breach in the U.S. education field is $245 per lost record. When Social Security Numbers are involved, the cost jumps to $355 per record lost.
- • Data compromises, including hacked user accounts such as email, require TMU to immediately report such incidents to the U.S. Department of Education for review. Fines of up to $54,789 per incident can be levied for not reporting incidents. Patterns of data handling negligence can ultimately result in loss of federal funding for the University.
- • Breaches that involve more than 500 California residents require reporting to the State Attorney General’s Office.
- • Information
security breaches can also lead to a
loss of reputation
to the University and significantly
impact current and future business
Q3: What are some
threats to TMU’s data?
A: Recent threats
include but are not limited to:
- • Malware (viruses, ransomware,worms, etc.)
- • Ransomware, where an attacker locks your data and demands a ransom to unlock it
- • Outdated software having security vulnerabilities
- • Unencrypted lost computers/devices containing sensitive data
- • Human Error (accidentally emailing sensitive information, lost USB drives, sharing passwords with others, etc.)
- • Social
Q4: What is social
Engineering is the art of manipulating
people to give up confidential information
such as financial account details,
- • Criminals may trick you into giving up sensitive information or installing malware to gain access to your computer.
- • They may accomplish this through fraudulent emails, phones calls, SMS, or other means.
- • Phishing emails are one of
TMU’s greatest threats.
Q5: Doesn’t IT
utilize email filters that will
block all phishing
A: While TMU has
several layers of email filtering
that will block a majority of malicious
emails, a portion still gets through
due to constantly evolving tactics and new
content used by cyber criminals. Consequently,
it’s still very important for all TMU
users to carefully process their
have been several incidents where
employees have given up their access
credentials for important systems by
responding to a phishing email.
Q6: What security
training is available to TMU
A: The University
has partnered with a leading
security vendor to provide weekly phishing
simulation emails to educate
faculty, staff, and student interns on the
latest phishing threats impacting
universities and companies.
- • Some simulation emails will appear to be legitimate emails at first glance. Our intention is not to trick you, but to help you become familiar with what actual threats may look like when they arrive in your TMU inbox and how to respond.
- • Per
TMU’s Information Security and
Acceptable Use policies,
employees will be assigned periodic
online interactive training covering
current information security topics
and potential threats. These videos
vary in length from 5-15 minutes.
Training will vary with different job
Q7: How do I access
TMU’s user awareness training
A: Please navigate
- • At TMU’s Microsoft login page, enter your faculty/staff credentials.
- • You will then be redirected to our training site and you will see the training that has been assigned to you.
- • Per TMU's Information Security and Acceptable Use policies, this is required training.
- • Please
do not neglect this valuable training.
Many TMU employees,
quite possibly including yourself,
will be handling sensitive data. A
careless data act can result in
significant damage to the