News & Updates

Small Talk from the VP: Reducing Risk

By Dave Smallen

August 19, 2015

Texting while driving, smoking, crossing College Hill Road without looking both ways are all behaviors that increase the risk of harm to ourselves and others.  As the picture indicates, the NYS Thruway has an active campaign to reduce the risk of distracted driving.

At Hamilton, a major effort has been underway for several years to reduce the risk of identity theft and the compromise of confidential and sensitive information. This initiative has three major thrusts: policy development, technological controls and awareness. 

In the fall, the Information Security Board and the Committee on the Library and Information Technology will be reviewing several new and revised policies, including an explicit classification of institutional data into three categories (confidential, sensitive and public) and guidelines for how each category should be handled in the course of business.  Last year, the Committee on the Library and Information Technology reviewed and updated all policies related to the use of technology resources. Effective policies help clarify responsibilities and provide guidelines that reduce risky behavior.

To protect information stored on desktop and laptop computers Hamilton is encrypting laptop and desktop computers distributed to employees.  This simple process makes the data inaccessible if the computer is lost or stolen.  This reduces our institutional exposure and likely will reduce the cost of our cybersecurity insurance. Our plan is to have encryption enabled in all administrative offices, for every computer as it is replaced and eventually all mobile devices.  Encryption reduces the risk of confidential or sensitive data falling into the wrong hands.

Last year we implemented CrashPlan™ software for automated backup of these same computers.  Files are backed up continuously whenever the computer is connected to the Internet – you don’t have to remember to do this yourself.   Over 500 employees are using this software and last year we had to use it several times to restore data when computers failed or files were mistakenly deleted. A comprehensive program of data backup reduces the risk of data loss.

Information security threats continue to evolve so it is important to have an ongoing awareness program.  Over 400 employees have attended training provided by GreyCastle Security in March and August.  In addition students in the classes of 2018 and 2019 completed SANS Securing the Human training and testing online over the last two summers.  We will be offering another GreyCastle training day in October in conjunction with National Cyber Security Awareness month.   In addition we are developing video/ testing modules that can be used by those who cannot easily attend these sessions.  The greatest risk to information security is human behavior.  Changing the behavior for almost 2,500 faculty, staff and students is a big challenge, but ultimately can have the biggest impact.

Despite regular warnings we occasionally have a member of the Hamilton community who crosses the intersection of College Hill Road and Martin’s way without looking for oncoming cars.  Some have actually been hit by cars. Similarly, we can never eliminate our information security risk but we all have a role in reducing it.