Security & Data Protection

Computer Security

The School of International and Public Affairs Information Technology (SIPA IT) office maintains policies about the use and security of its systems in the interests of protecting user data and ensuring the reliability of mission-critical systems. These policies supplement the university (CUIT) security policies. All users are expected to be familiar with and adhere to these policies.

Security Awareness Training

CUIT provides free security awareness training to users so that they can recognize computer security threats, social engineering, and phishing emails, and learn about FERPA and HIPAA policies. There are several short modules that address each of these areas. Users are encouraged to take this training.

Best Practices for Protecting Your System

- Make sure your system's operating system is patched.

- Have virus and malware protection; ensure virus definitions are up to date.

- Make sure all software updates are applied as they become available.

- Use strong passwords with a combination of at least three of the following: upper case, lower case, numbers and special characters, with a minimum length of 8 characters.

- Do not share passwords with others.

- Log off systems when not using them.

- Avoid using free Wi-Fi when possible.

- Do not use free Wi-Fi for banking or shopping or any sensitive data.

- Be mindful when browsing the web.

- Backup your data regularly.

- Do not leave personal sensitive data on network drives.

- Be careful when opening an unsolicited email. Check the email address by hovering over it to see whether the addresses match. If they do not, the email is a phishing email. Report it to [email protected] and delete it.

- CUIT and SIPA IT will never ask you to provide your credentials for verification. Such a request is generally an indication of a spam/phishing email. Do not click on any links in such an email.

- Physical security of your devices is also important. Do not leave them unattended.

Compliance

Data Compliance at CU & SIPA

The University requires all users to be in compliance with its data classification policies for sensitive user data stored on computers. This includes Social Security Number, Date of Birth, Visa and Passport numbers, and Credit Card information. This requires ongoing vigilance for data stored on computers, including the network drives. These policies also apply to all removable media and printed material. The CU policies on sensitive data can be viewed on the Columbia University data classification webpage (data classification can be found in the Appendices).

  • For users on the SIPA network, SIPA IT will periodically scan their computer systems and network drives. SIPA IT will then contact SIPA staff if any data needs attention. Users administering their own system should make sure that they are in compliance with the University policies. All precautions must be taken to secure these materials. Please do not store any personal information in your network drive. This includes tax returns and copies of passports, birth certificates, visas, etc. These documents will be removed without notice. For questions, please contact [email protected].

    Below are steps users can take when dealing with sensitive data.

    • Remove any sensitive data/redact it from files you wish to retain, if possible.

    • Delete all files that are not needed.

    • Empty the trash.

    • Identify any files/folders that you need to retain with sensitive data. Contact SIPA IT to plan for encrypting data in accordance with University policy.

    • Provide written justification for keeping any sensitive data which you have identified. Fill out appropriate forms (available from SIPA IT) for submission to the University.

International Travel

Data Security While Travelling to High-Risk Countries

Anyone visiting high-risk countries, especially China, should take precautions to protect the data on their devices such as mobile phones, tablets and laptop computers. Intellectual property and your login/password will be monitored and logged while visiting many of the countries mentioned below.

  • Plan well in advance. Below are suggested guidelines.

    • Travel only with data needed for your trip.
    • Consider leaving USB drives behind, as they can easily get damaged by magnetic scanners when passing through airport security screening on entry and exit.

    Preferably take a pre-paid phone or a loaner.

    • If using your regular phone, back up your data, reset the phone to factory settings, and load only the information needed for travel.
    • Keep Bluetooth and Camera off. If possible, turn off Wi-Fi when not in use.
    • Shut down the phone when it is not needed.
    • Disable all unwanted features and apps.
    • Do not plug your phone into charger kiosks. There may be a computer attached to capture data from the phone.
    • Use CUIT VPN to access Columbia University on-campus resources only.
    • Always keep the phone with you.
    • Wipe the loaner phone on return.
    • Do not back it up and restore data to the regular-use phone.

    Internet Access:

    • While using a VPN to access the Internet is highly recommended, VPN usage is banned in China. However, CUIT recommends using their VPN to access Columbia University on-campus resources.
    • Do not send any important data over Wi-Fi.
    • VPN must be turned off in China to browse the web both on laptop/tablet and phone.
    • Skype connections are monitored.
    • CU provides VPN access for faculty and staff. Software can be downloaded at https://cuit.columbia.edu/remote-access-services.

    Email:

    • Gmail/Lionmail is not accessible from China.
    • A Microsoft Office 365 account is accessible from the local China site. Traffic is tracked and unencrypted.
    • SIPA IT recommends creating a new temporary email account at https://outlook.live.com/owa/. Make note of the password as SIPA IT has no access to reset passwords on this account.
    • Forward your regular email to the new account for the duration of travel.
    • Turn off forwarding upon return from your visit.
    • Use a password that you have not used for any of your other accounts, including email, personal banking and shopping accounts.
    • If the devices are scanned or you are asked to turn over a device, reset your password immediately on getting the device back.

    Given below is a list of high-risk countries.

    • Afghanistan
    • Algeria
    • Belarus 
    • Burundi
    • Cameroon
    • Central African Republic
    • Chad
    • China, The People's Republic of
    • Congo, Democratic Republic of the
    • Crimea (Region of Ukraine)
    • Egypt
    • Eritrea
    • Haiti
    • Hong Kong
    • Iran
    • Iraq
    • Kenya
    • Korea, Democratic People's Republic of
    • Lebanon
    • Libya
    • Mali
    • Mauritania
    • Myanmar 
    • Niger
    • Nigeria
    • Pakistan
    • Palestine
    • Russia
    • Saudi Arabia
    • Somalia
    • South Sudan, Republic of
    • Sudan
    • Syria
    • Thailand
    • Ukraine
    • Venezuela
    • Yemen
    • Zimbabwe