Training and Agreement

This training is applicable to all campus personnel who have access to credit card information. Throughout this training, the term “Employee” is expanded to include anyone who has access to credit card information working in any capacity for Middlebury including the following:

• Staff
• Students
• Faculty
• Administrators
• Temporary employees
• Contractors
• Volunteers

Note:  The term “merchant” refers to any campus unit or department which accepts credit cards for payment - either in person, via the web or through a third party service provider.

Security is Everyone’s Responsibility

It is important for each of us to be aware of the increasing security risks to our increasingly connected lives. From laptops and tablets to smartphones and wearable technology, and 24/7 access to our personal data, the risk of sensitive information being exposed is very real. 

• Be Data Aware: Travel with, save, or record ONLY the data that is necessary and essential. Always redact or remove unnecessary sensitive data. Always keep your data backed-up and encrypted, when possible.
  
   
• Protect Your Device: Add a passcode to your cell phone, tablet, or laptop right now! iOS devices automatically encrypt your data once a passcode has been set. Android devices can encrypt your data with a few minor settings changes.
  
   
• Use Strong and Unique Passwords or Passphrases: Especially for online banking and other important accounts.
  
   
• Use Multi-Factor Authentication when available: Middlebury introduced MFA for O365 and other services in 2016. Use MFA wherever possible.
  
   
• Check Your Social Media Settings: Review your social media security and privacy settings frequently. Enable MFA whenever possible. Keep your social media accounts current or close them.
  
   
• Educate Yourself: Stay informed about the latest technology trends and security issues such as malware and phishing.
  • Visit http://go.middlebury.edu/infosec for more information.
  • For targeted training visit: http://go.middlebury.edu/infoseced.
    
     
• Get Trained: Contact ITS – Information Security at infosec@middlebury.edu to set up a training session for your department.

Training and Certification

1. Read the PCI - Middlebury PCI Policy for Accepting Credit Card and eCommerce Payments.
2. Agents of the College entering payment card data into a card-present device must read on Skimming Prevention and Physical Security.
3. Information Technology Services staff must also read the PCI Written Information Security Policy (PCI WISP).
4. Read and electronically sign the PCI Security Awareness and Confidentiality Agreement.