Tasks for Low Risk Data
Now that you know your risk level, it's time to implement appropriate tasks to protect your data. Work with your departmental IT support resource or IS&T to undertake reasonable steps to complete these tasks. If implementing a particular task prevents you from completing your work, contact security@mit.edu; it may be acceptable to mitigate the risk using other methods. Some of the tasks might not be applicable to your situation. You may filter the list to show tasks applicable to your role: User, Data Owner, or System Administrator. If you are handling regulated information or have signed a data use agreement, there may be some tasks that are absolutely required.
Your current IT support may already have many of these tasks implemented as part of their service. You can also contact the Service Desk for assistance with securing information.
Task | Applies to | Service or Tool
---|---|---
Enable your operating system's firewall. | Endpoint (a computer device such as a desktop workstation, mobile phone, tablet, or laptop), Server (a host that provides a network accessible service) | 
Task | Applies to | Service or Tool
---|---|---
Use vendor supported applications and operating systems. | Application (software running on a server that is remotely accessible, including mobile applications), Endpoint, Server | Software Patches and OS Updates
Configure automatic download and application of software and operating system updates. | Application, Endpoint, Server | Software Patches and OS Updates
Stay informed of available patches for your operating system and applications. | Application, Endpoint, Server | Software Patches and OS Updates
Where applicable, use endpoint management tools to ensure the tasks for this level are completed on your devices. | Endpoint | Mac Device Management, Windows Device Management
Task | Applies to | Service or Tool
---|---|---
Promptly report actual or suspected compromise, including loss, theft, improper use, modification of, or access to information to security@mit.edu. | Application, Endpoint, Media (any portable data storage method such as paper hard copies, external USB hard drives, CDs/DVDs, etc.), Server | 
Review your systems and procedures regularly to ensure the tasks for this risk level are applied. | Application, Endpoint, Media, Server | 
Task | Applies to | Service or Tool
---|---|---
Create a unique, non-privileged account for each user. Assign a different password for user and administrative accounts. | Application, Endpoint, Server | 
Use strong passwords. Change authentication keys (e.g., password, certificate) regularly, at least annually. | Endpoint, Server, Application | LastPass Enterprise, Passwords
Do not reuse passwords for multiple services. Do not use your Kerberos password for non-Kerberos enabled systems. | Application, Endpoint, Server | LastPass Enterprise, Passwords
Change passwords immediately if a compromise is suspected. | Application, Endpoint, Server | Passwords
Store and transmit only encrypted passwords. | Application, Server, Media, Endpoint | Encryption, Passwords
Change default or vendor-supplied passwords and remove default accounts. | Endpoint, Server, Application | Passwords
Task | Applies to | Service or Tool
---|---|---
Install malware protection applications, if available for the platform. | Endpoint, Server | CrowdStrike, Sophos Anti-Virus, Virus Detection and Prevention
Set up and perform regular backups. | Application, Endpoint, Server | CrashPlan, TSM (Tivoli Storage Manager)
Enable whole disk encryption on portable devices. | Endpoint | BitLocker (Windows), FileVault (Mac)