New Employee Information

This page offers information for new employees to the Middlebury Community. We welcome you and encourage you to use the entire site to your benefit.

Information security

Where can I get additional information about Information Security?

This site is a stepping stone to the InfoSec website and our full curriculum on information security. you also are always welcome to contact the Information Security workgroup at any point at Here are some additional useful sites.

Where can I get more information on Middlebury Computing Services?

Middlebury ITS has a large collection of different computing services that are easiest to access through the User Services group. They maintain a site for New Employees that can be found at

What is Phishing?

Phishing is a form of social engineering whereby a malicious attacker attempts to either gather information or insert malicious software into a system through fake emails or web sites which are used to lure in a victim.

learn more at

What is Adware - why safe downloads?

When downloading applications or software over the internet always go to the vendors home site to to download the software. Frequently bad actores will spoof or fake a legitimate site or host a download site, such as, as a source for seemingly legitimate software. The applications at these sites often include adware and other malicious content which may infect your computer.

Adware is a form of malicious software which is leveraged by bad actors to gather information about you and your habits for better targeting marketing toward you. It also often opens loopholes for more viral like applications which may result in malware infecting your system. 

When installing an application, such as Flash or Java, read every screen during an install process. Many applications are bundling additional applications during and install process such as the Ask toolbar. Many of these, including the Ask toolbar, are adware and can be difficult to remove.

Why avoid toolbars and browser plugins?

Every browser has additional plugins available today. Every browser partners with other vendors to make options available. This does not imply that the manufacturer of the browsers is going to patch all of these plugins when they patch the browser. When you add the Google Toolbar or plugins to FireFox and Chrome, you are creating potential security loopholes in your browser. Many of these plugins and toolbars also come with adware bundled in, such as WeatherBug.

While these features may seemingly add convenience and functionality they also may be giving away your security and information. Browsers today are much more advanced than many individuals realize. Make sure you need to have the plugin functionality and have vetted all of the security issues before adding it to your computer.

What is sensitive information?

Sensitive information comes in many forms: passwords, identification numbers, financial data, demographic data, regulated and non-regulated data. Part of the question is how and when can you use sensitive data. Middlebury has a policy around sensitive data called the Data Classification Policy ( ). This policy defines three different classes of data and how and when to uses them.

Two key things to know about sensitive data:

  • Middlebury never stores payment card data.
  • If you ever enter sensitive data into a web site, verify that it is a secure site, protected with HTTPS and that the address or URL is the correct address for the destination you are trying to go to.
What is HTTPS - how do I recognize a secure website?

HTTPS indicates a secure website. you should only enter credentials such as username and password or financial information into a website that is protected with HTTPS.

SSL, or Secure Socket Layer, is encryption between your computer and a web site which protects the data passed between your computer and the web site. It is indicated by the S after the HTTP in a web address. There should also be an accompanying padlock indicated near the web address in the browser. This padlock, when clicked on, will give you information about the certificate which protects the encryption. A certificate is like a passport for the web site. It tells the computer who authorizes the encryption on the web site and who verifies that the site is secure. When your computer does not recognize the certificate you will get a warning before you get to the website that will warn you that the site might be unsafe.

What policies are important for me to know?

Middlebury considers the employee handbook as the employee contract.

From an Information Security perspective there are a few other policies we like to make mention of: