RWU is committed to protecting the personal information of the University community. In certain circumstances, RWU benefits from sharing sensitive data with outside vendors for business purposes. Payroll processing is one example of this. Although these partnerships are needed, they can lead to an increased risk of RWU data exposure. To help mitigate these risks, the University’s Written Information Security Program notes a safeguard measure (Safeguards, section 5)  to evaluate vendors we share sensitive data with.             This safeguard is in the form of a comprehensive security controls and policies questionnaire each vendor must complete as a prerequisite to RWU sharing sensitive data.             Please take a moment to review the new procedure regarding vendor contracts where RWU sensitive data is shared in electronic or paper formats:             1. When considering contracting with a vendor or renewing an existing contract, have the vendor complete the VRM questionnaire before contract finalization.             2. Submit the VRM questionnaire to the RWU Information Security Officer (Allan Ramella – aramella@rwu.edu, 401-254-3167)             3. Once the Information Security Officer has reviewed and approved the questionnaire, submit the approval with the RWU Office of General Counsel Contract Review Form (https://www.rwu.edu/sites/default/files/downloads/generalcounsel/ogc_contract_review_form.pdf )             The new procedure will go into effect on Monday, November 2, 2020.              If you have any questions or concerns, please do not hesitate to contact Allan Ramella.             Thank you in advance for your cooperation and support. Sincerely,             IT | Purchasing | OGC | Finance

1. Navigate to sendto.rwu.edu and Login using your RWU credentials.   NOTE: if your RWU credential do not work, please open a ticket with Media Tech requesting access to Sendto.RWU.edu   2. To upload the file you wish to share: click the plus + button in the top left corner of the home page.     3. Select "Upload File. "   4. Select the file from your computer, then select open.     5. To share an uploaded file: click the file you wish to share, followed by the share icon.  This will expand the file sharing menu options.    NOTE: the "Toggle Grid View" option in the upper right corner of the screen provides alternative file viewing options and commands that can also be accessed via the three dots (...).    6. Under the "Sharing" tab, select the plus button (+) to the right of the Share Link option to create and copy the hyperlink that will be used by the recipient to download the file.     7. To add security: check Password Protect to generate a password needed by the recipient to download the file.  Check the expiration date option to establish a time when the shared file link will expire.     8. Paste the hyperlink to download the file in an email to to the recipient. NOTE: Do not include the password in the email; rather relay the password to the recipient via a phone call.    

1. Click the shared link.    2. If password protected: enter the password the sender provided.     3. Download the document using the download button.     4. Open the document.    

Checking past logins to your O365 Account For security purposes its best practice to periodically check historic logins. O365 retains a list of successful and attempted access request that can be accessed using these steps: 1) Login to O365 (https://o365.rwu.edu): Select the Account Manager icon in the upper right corner and choose “view account”. 2) From your default O365 page, select “My sign-ins” My Sign-ins This page provides a historic view of past logins – attempted and successful. Each logged event includes geo location, device operating system, web browser used, IP address, App accessed, and Account name. If you see any logins from strange location(s) or at odd times of day, please do not hesitate to contact MediaTech. NOTE: IP Geo-addressing is not exact. Internet service providers typically register IP addresses in the general region they are to be used. Therefore, it’s not uncommon to see a local city reported in the address field - not your precise location.  However, a login from a foreign State or Country during non-working hours should prompt a call to MediaTech to investigate.