What you need to know about storing data in FileMaker at MIT
If not properly configured and housed, the FileMaker databases you work with may be at risk for security breaches. Files stored locally on your work or personal computer may be some of the most vulnerable data sources at MIT. Please visit the IS&T Security Team's InfoProtect web pages at MIT to learn more about protecting your data.
Before you install FileMaker, take the time to familiarize yourself with the kinds of data described below that should be of concern and the steps you can take to reduce security risks. Protect yourself, the data you keep, and the integrity of the Institute. In addition to making sure that your computer itself is set up securely, follow all MIT's recommended FileMaker Security Guidelines.
Who should be concerned about data security at MIT?
Put simply, if you have any data on your computer that you or others wouldn't want published in The Tech or any other publication, then you should read this. Many FileMaker databases are used for storing mission critical, sensitive, and/or regulated data, including student contact information, student demographic data, and employee HR data. Even if you have a reason to store sensitive data in FileMaker or in other files, FileMaker should never be used to store PIRN data. If you have FileMaker databases or other electronic documents that contain or that you think might contain PIRN data, you should contact the IS&T Security Team at infoprotect@mit.edu for advice on how to mange those files.
If your computer went missing tomorrow, consider the consequences. Is that computer encrypted so that your data could not be retrieved by someone else? Do you have an easy-to-guess password that could be easily hacked by someone else having unlimited access to your computer? By default, FileMaker files come with a full-access admin account that doesn't require a password. Could you have an active password-free account in your FileMaker databases? Are there mission critical files on your computer for which you might not have a recent backup? Do you know what is contained in all the files you have on your computer currently? Might some of your inactive files have PIRN or sensitive data that you have forgotten about? If the answer is yes to any of the above questions, find out how to store your data safely.
Here are some important links regarding MIT and personal data privacy and security.
- Information Protection @MIT Resources
- Definition of PIRN (Personal Information Requiring Notification)
- Storage of student data covered under FERPA (Family Educational Rights and Privacy), Student Privacy Policy, Data to be protected at MIT
- Encrypting Sensitive Data