Data Loss Prevention (DLP) - UCF Information Security

What is Data Loss Prevention?

InfoSec recognizes that protected data, such as government identification numbers, health records (HIPAA ) and payment card information (PCI), is used in a wide range of ways throughout the campus. As stewards of this valuable information, it is our responsibility to implement robust measures to protect it from unauthorized access, breaches or accidental loss.

To further enhance our data security efforts, we are excited to announce the upcoming launch of our Data Loss Prevention (DLP) Project. The DLP Project aims to strengthen our university’s data protection framework by implementing advanced technologies, policies and procedures. This initiative will help us identify, monitor and mitigate potential risks associated with the handling and storage of protected data within our university community.

Throughout the DLP Project, we will be collaborating with faculty, staff and students to ensure a comprehensive and inclusive approach to data protection. By leveraging cutting-edge data loss prevention solutions, conducting thorough risk assessments, and fostering a culture of data security awareness, we aim to create a safer digital environment for everyone at UCF.

QUICK links

Data Policies Data Classification

Stay Alert and Report!

Do you suspect your data has been compromised or have you stumbled upon exposed restricted data? Our Security Incident Response Team can help!

What Is Protected Data?

Protected data encompasses information that is classified as Highly Restricted Data or Restricted Data, which includes data subject to legal protection, regulations, contracts or policies requiring specific measures for its security.

Restricted Data refers to institutional data subject to specific regulations, which must be safeguarded to prevent unauthorized disclosure. Examples include UCF NID and FERPA protected data like academic records.
Highly Restricted Data comprises critically important information, where the loss, unauthorized access or disclosure of which could put the finances and safety of our students and staff at risk. Examples of highly restricted data include credit numbers, social security numbers and medical records.

Disclosure of protected information could drastically affect the mission and reputation of our university. Become more familiar with how data is classified by reviewing the detailed UCF Policy as well as the quick reference Data Classification Matrix

_{Proper Data Handling:}
DOING YOUR PART TO PROTECT Sensitive DATA

Proper data handling encompasses various practices and security measures aimed at ensuring the confidentiality, integrity and availability of data. This includes both technology-based security measures and best practices when collaborating with sensitive data. Here is a brief overview based on this knowledge base article:

Technology-Based Security Measures

Encryption: Use encryption techniques to protect data both in transit and at rest. This involves encoding data so that it can only be accessed by authorized individuals with the corresponding decryption key.
Access Controls: Strong access controls to restrict data access based on user roles and privileges. This includes using strong passwords, multi-factor authentication and regular access reviews.
Firewalls and Intrusion Detection Systems: Firewalls and intrusion detection systems are used to monitor and filter network traffic, protecting against unauthorized access and potential cyber threats.
Data Loss Prevention (DLP): DLP will automatically classify all restricted data and then monitor and prevent the unauthorized transmission or use of it.
Secure Software and Patch Management: Keep software and systems up to date with the latest security patches and ensure the use of secure coding practices to minimize vulnerabilities.

Best Practices for Data Handling & Storage

Regular Data Backups: Perform regular backups of important data to ensure its availability and recoverability in case of data loss or system failure.
Secure Data Transmission: Use secure protocols, such as HTTPS or SFTP, for transmitting sensitive data over networks. Avoid sending sensitive information via unencrypted channels.
Training and Awareness: Educate staff, faculty and students about data handling best practices, including recognizing phishing attempts, avoiding suspicious downloads and following security policies and procedures.
Secure Disposal: Properly dispose of data and devices that contain sensitive information. This may involve securely wiping data from storage media or physically destroying devices.
Data Minimization: Collect and retain only the data that is necessary for business or educational purposes. Avoid storing unnecessary or sensitive information to reduce the risk of data breach.

Teams Messages and Groups

Use private channels to limit access to specific individuals on a need-to-know basis.
Follow the best practices listed above for sharing documents containing sensitive data in Teams.

Sharing Documents

Password Protection: Use password protection to require a password for recipients to access Word documents, Excel files, and PDF files to ensure they are viewed only by the appropriate people. Share the password with the recipient in a separate communication, such as separate email or phone call.
Prevent Link Sharing: Prevent recipients from forwarding a shared link to a document containing sensitive data by sending the link using the Specific People permission. This will create a link that works only for the specified recipient(s).
External Recipient Verification: When sharing documents with recipients outside of UCF, use the Specific People setting. The recipient will receive a link in their email that works only for them. When they select the link, they will need to verify their identity to access the file.

Email

Send sensitive email messages securely to recipients outside of UCF by encrypting messages using O365 Email Message Encryption.

Data Handling & Storage

Regular Data Backups: Perform regular backups of important data to ensure its availability and recoverability in case of data loss or system failure.
Secure Data Transmission: Use secure protocols, such as HTTPS or SFTP, for transmitting sensitive data over networks. Avoid sending sensitive information via unencrypted channels.
Training and Awareness: Educate staff, faculty and students about data handling best practices, including recognizing phishing attempts, avoiding suspicious downloads and following security policies and procedures.
Secure Disposal: Properly dispose of data and devices that contain sensitive information. This may involve securely wiping data from storage media or physically destroying devices.
Data Minimization: Collect and retain only the data that is necessary for business or educational purposes. Avoid storing unnecessary or sensitive information to reduce the risk of data breach.