{"id":179162,"date":"2025-11-05T15:50:42","date_gmt":"2025-11-05T08:50:42","guid":{"rendered":"https:\/\/it.telkomuniversity.ac.id\/infografis-pencegahan-kebocoran-data\/"},"modified":"2025-11-05T16:03:29","modified_gmt":"2025-11-05T09:03:29","slug":"data-leak-prevention-infographic","status":"publish","type":"post","link":"https:\/\/it.telkomuniversity.ac.id\/en\/data-leak-prevention-infographic\/","title":{"rendered":"Data Leak Prevention Infographic"},"content":{"rendered":"\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"819\" height=\"1024\" data-id=\"179150\" src=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-1-819x1024.jpg\" alt=\"Peraturan Pencegahan Kebocoran Data Telkom University (1)\" class=\"wp-image-179150\" srcset=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-1-819x1024.jpg 819w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-1-240x300.jpg 240w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-1-768x960.jpg 768w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-1.jpg 1024w\" sizes=\"auto, (max-width: 819px) 100vw, 819px\" \/><figcaption class=\"wp-element-caption\">Peraturan Pencegahan Kebocoran Data Telkom University (1)<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"819\" height=\"1024\" data-id=\"179154\" src=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-3-819x1024.jpg\" alt=\"Peraturan Pencegahan Kebocoran Data Telkom University (3)\" class=\"wp-image-179154\" srcset=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-3-819x1024.jpg 819w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-3-240x300.jpg 240w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-3-768x960.jpg 768w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-3.jpg 1024w\" sizes=\"auto, (max-width: 819px) 100vw, 819px\" \/><figcaption class=\"wp-element-caption\">Peraturan Pencegahan Kebocoran Data Telkom University (3)<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"819\" height=\"1024\" data-id=\"179156\" src=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-4-819x1024.jpg\" alt=\"Peraturan Pencegahan Kebocoran Data Telkom University (4)\" class=\"wp-image-179156\" srcset=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-4-819x1024.jpg 819w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-4-240x300.jpg 240w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-4-768x960.jpg 768w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-4.jpg 1024w\" sizes=\"auto, (max-width: 819px) 100vw, 819px\" \/><figcaption class=\"wp-element-caption\">Peraturan Pencegahan Kebocoran Data Telkom University (4)<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"524\" height=\"647\" data-id=\"179152\" src=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-2.jpg\" alt=\"Peraturan Pencegahan Kebocoran Data Telkom University (2)\" class=\"wp-image-179152\" srcset=\"https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-2.jpg 524w, https:\/\/it.telkomuniversity.ac.id\/wp-content\/uploads\/2025\/11\/Peraturan-Pencegahan-Kebocoran-Data-Telkom-University-2-243x300.jpg 243w\" sizes=\"auto, (max-width: 524px) 100vw, 524px\" \/><figcaption class=\"wp-element-caption\">Peraturan Pencegahan Kebocoran Data Telkom University (2)<\/figcaption><\/figure>\n<\/figure>\n\n\n\n<p>Telkom University issued\u00a0<strong>Telkom University Regulation No. PU.018\/LGL03\/PTI\/2025 concerning Data Leak Prevention<\/strong>\u00a0as an umbrella for information security governance. This article explains why this regulation is important, who is affected, our obligations, practical preventive measures, how to report incidents via\u00a0<strong>the Telkom University e-Ticket<\/strong>\u00a0, and how work units and partners can comply without hampering productivity.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<section id=\"g-pz1f1nk\" class=\"wp-block-gutentor-m13 section-g-pz1f1nk gutentor-module gutentor-module-table-of-contents g-enable-collapsible\"><div class=\"grid-container\"><div class=\"g-toc\"><div class=\"g-toc-header\"><div class=\"g-toc-heading g-icon-right\"><div class=\"g-toc-title\">Table of Contents<\/div><span class=\"g-toc-icon-wrap\"><i class=\"g-toc-icon g-toc-icon-open fas fa-plus\"><\/i><i class=\"g-toc-icon g-toc-icon-close fas fa-minus\"><\/i><\/span><\/div><\/div><div class=\"g-toc-body\"><ol class=\"g-ordered-list\" type=\"1\"><li><a href=\"#1-mengapa-peraturan-ini-penting\">Why is this regulation important?<\/a><ol class=\"child-list\"><li><a href=\"#2-dampak-nyata-kebocoran-data\">The real impact of data leaks<\/a><\/li><\/ol><\/li><li><a href=\"#3-siapa-yang-terdampak\">Who is Affected?<\/a><ol class=\"child-list\"><li><a href=\"#4-cakupan-sivitas-dan-mitra\">Coverage of community members and partners<\/a><\/li><li><a href=\"#5-jenis-aset-informasi-yang-dilindungi\">Types of information assets protected<\/a><\/li><\/ol><\/li><li><a href=\"#6-apa-yang-diatur-dalam-peraturan\">What Does the Regulations Say?<\/a><ol class=\"child-list\"><li><a href=\"#7-h21-klasifikasi-data-publik-internal-konfidensial\">1 Data classification: Public, Internal, Confidential<\/a><\/li><li><a href=\"#8-h22-siklus-hidup-data-dari-awal-hingga-dimusnahkan\">2 Data life cycle from inception to destruction<\/a><\/li><li><a href=\"#9-h23-kewajiban-pengguna-dan-unit-kerja\">3 User and work unit obligations<\/a><\/li><li><a href=\"#10-h24-kepatuhan-pihak-eksternal-mitravendor\">4 External party compliance (partners\/vendors)<\/a><\/li><\/ol><\/li><li><a href=\"#11-7-langkah-mudah-mencegah-kebocoran-data-1-menit-baca\">7 Easy Steps to Prevent Data Leaks (1 Minute Read)<\/a><\/li><li><a href=\"#12-cara-melaporkan-insiden-keamanan-informasi\">How to Report an Information Security Incident<\/a><ol class=\"child-list\"><li><a href=\"#13-h31-apa-yang-dimaksud-insiden\">1 What is meant by an incident?<\/a><\/li><li><a href=\"#14-h32-kanal-resmi-aplikasi-e-ticket-puti\">2 Official channels: PuTI e-Ticket Application<\/a><\/li><li><a href=\"#15-h33-prinsip-3t-saat-insiden--tenang-tangkal-tiket-\">3 Principles of 3T during an incident:&nbsp;Calm, Prevent, Ticket<\/a><\/li><\/ol><\/li><li><a href=\"#16-perangkat-akun-dan-aplikasi-kebiasaan-aman-yang-tidak-merepotkan\">Devices, Accounts, and Apps: Hassle-Free Security Habits<\/a><ol class=\"child-list\"><li><a href=\"#17-h34-akun-dan-autentikasi\">1 Account and authentication<\/a><\/li><li><a href=\"#18-h35-email-amp-kolaborasi\">2 Email &amp; collaboration<\/a><\/li><li><a href=\"#19-h36-perangkat-kerja\">3 Work devices<\/a><\/li><\/ol><\/li><li><a href=\"#20-tanggung-jawab-unit-kerja-dari-kebijakan-ke-praktik-harian\">Work Unit Responsibilities: From Policy to Daily Practice<\/a><ol class=\"child-list\"><li><a href=\"#21-h25-penunjukan-pic-keamanan-informasi-unit\">1 Appointment of PIC of information security unit<\/a><\/li><li><a href=\"#22-h26-integrasi-ke-proses-kerja\">2 Integration into work processes<\/a><\/li><\/ol><\/li><li><a href=\"#23-mitra-dan-vendor-bersama-menjaga-rantai-keamanan\">Partners and Vendors: Together We Maintain the Chain of Security<\/a><ol class=\"child-list\"><li><a href=\"#24-h37-ketentuan-untuk-pihak-ketiga\">Terms for third parties<\/a><\/li><\/ol><\/li><li><a href=\"#25-faq-singkat\">FAQ<\/a><\/li><li><a href=\"#26-studi-kasus-ringkas-%E2%80%9Csalah-kirim-yang-hampir-fatal%E2%80%9D\">Brief Case Study: \u201cA Near-Fatal Misdelivery\u201d<\/a><\/li><li><a href=\"#27-checklist-kepatuhan-unit-bisa-dicetak\">Unit Compliance Checklist (Printable)<\/a><\/li><li><a href=\"#28-bagaimana-peraturan-ini-sejalan-dengan-standar-dan-hukum\">How Does This Regulation Align with Standards and Laws?<\/a><ol class=\"child-list\"><li><a href=\"#29-isoiec-270012022-sni\">ISO\/IEC 27001:2022 (SNI)<\/a><\/li><li><a href=\"#30-uu-pelindungan-data-pribadi-uu-pdp\">Personal Data Protection Act (PDP Act)<\/a><\/li><\/ol><\/li><li><a href=\"#31-apa-yang-berubah-untuk-kita-sehari-hari\">What Has Changed for Us Every Day?<\/a><\/li><li><a href=\"#32-menghadapi-tantangan-umum\">Facing Common Challenges<\/a><\/li><li><a href=\"#33-sumber-resmi-amp-rujukan\">Official Sources &amp; References<\/a><\/li><li><a href=\"#34-ajakan-tindakan-call-to-action\">Call to Action<\/a><ol class=\"child-list\"><li><a href=\"#35-informasi-kontak\">Contact Information<\/a><\/li><\/ol><\/li><\/ol><\/div><\/div><\/div><\/section>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1-mengapa-peraturan-ini-penting\">Why is this regulation important?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-dampak-nyata-kebocoran-data\">The real impact of data leaks<\/h3>\n\n\n\n<p>Data breaches aren&#8217;t just about &#8220;files leaking.&#8221; They can disrupt academic services, disrupt teaching and learning, impact an institution&#8217;s reputation, trigger legal sanctions, and even undermine public trust. On campus, incidents often start with simple things: sharing documents through unauthorized channels, installing unauthorized apps, using a work device without a lock screen, or using an account without dual authentication.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Protecting personal data is the right of every citizen and the obligation of every data controller.&#8221; \u2014&nbsp;<em>Law No. 27 of 2022 concerning Personal Data Protection (PDP)<\/em><\/p>\n<\/blockquote>\n\n\n\n<p>Telkom University adopts best practices based on&nbsp;<strong>SNI ISO\/IEC 27001:2022<\/strong>&nbsp;\u2014the international standard for&nbsp;<em>Information Security Management Systems<\/em>&nbsp;(ISMS)\u2014which emphasizes a risk-based approach, technical and organizational controls, and continuous improvement&nbsp;<em>in<\/em>&nbsp;protecting&nbsp;<strong>the confidentiality<\/strong>&nbsp;,&nbsp;<strong>integrity<\/strong>&nbsp;, and&nbsp;<strong>availability<\/strong>&nbsp;of information.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3-siapa-yang-terdampak\">Who is Affected?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-cakupan-sivitas-dan-mitra\">Coverage of community members and partners<\/h3>\n\n\n\n<p>This regulation applies to&nbsp;<strong>all members of the academic community<\/strong>&nbsp;\u2014lecturers, administrative staff, students\u2014and&nbsp;<strong>partners<\/strong>&nbsp;who manage or have access to university information assets. If you have a Tel-U account, access campus email, store research data, manage student data, or use internal applications, you are subject to this policy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5-jenis-aset-informasi-yang-dilindungi\">Types of information assets protected<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Personal data (students, lecturers, educational staff, alumni, partners)<\/li>\n\n\n\n<li>Academic and administrative documents<\/li>\n\n\n\n<li>Research and innovation data<\/li>\n\n\n\n<li>Account credentials, API keys, service tokens<\/li>\n\n\n\n<li>Communication archives (emails, ticket systems, meeting minutes, etc.)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"6-apa-yang-diatur-dalam-peraturan\">What Does the Regulations Say?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"7-h21-klasifikasi-data-publik-internal-konfidensial\">1 Data classification: Public, Internal, Confidential<\/h3>\n\n\n\n<p>Classification helps determine&nbsp;<strong>how to store, share, and protect<\/strong>&nbsp;data.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Public<\/strong>\u00a0: information that is safe to publish (e.g. official press releases).<\/li>\n\n\n\n<li><strong>Internal<\/strong>\u00a0: only for academics\/employees, not for the public (e.g. internal memos, SOPs).<\/li>\n\n\n\n<li><strong>Confidential<\/strong>\u00a0: sensitive information (e.g. personal data, student grades, NDAs, unpublished research results).<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cData controllers are required to ensure the security of the personal data they process.\u201d \u2014&nbsp;<em>PDP Law, processing security principles<\/em><\/p>\n<\/blockquote>\n\n\n\n<p><strong>Practical tip:<\/strong>&nbsp;add a classification label to the file name or metadata (example:&nbsp;<code>Konfidensial_[NamaDokumen].pdf<\/code>).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-h22-siklus-hidup-data-dari-awal-hingga-dimusnahkan\">2 Data life cycle from inception to destruction<\/h3>\n\n\n\n<p>Regulations emphasize&nbsp;<strong>end-to-end<\/strong>&nbsp;control :<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Collection<\/strong>\u00a0: collect data as necessary, inform the purpose of processing.<\/li>\n\n\n\n<li><strong>Storage<\/strong>\u00a0: use official media (university drive\/unified storage), encrypt if necessary.<\/li>\n\n\n\n<li><strong>Usage &amp; Sharing<\/strong>\u00a0: official channels (Tel-U email, NDE\/limited access), principle of\u00a0<em>least privilege<\/em>\u00a0.<\/li>\n\n\n\n<li><strong>Disclosure to third parties<\/strong>\u00a0: a data processing\/NDE agreement is required.<\/li>\n\n\n\n<li><strong>Destruction<\/strong>\u00a0: delete\/archive according to retention schedule and secure procedures.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"9-h23-kewajiban-pengguna-dan-unit-kerja\">3 User and work unit obligations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintain credentials and implement dual authentication where available.<\/li>\n\n\n\n<li>Mark and protect data according to classification.<\/li>\n\n\n\n<li>Using\u00a0<strong>campus VPN\/Wi-Fi<\/strong>\u00a0to access internal systems.<\/li>\n\n\n\n<li><strong>Do not<\/strong>\u00a0install unofficial applications on work devices.<\/li>\n\n\n\n<li>Report incidents\/suspicions to\u00a0<strong>e-Ticket PuTI<\/strong>\u00a0without delay.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"10-h24-kepatuhan-pihak-eksternal-mitravendor\">4 External party compliance (partners\/vendors)<\/h3>\n\n\n\n<p>All external parties processing Telkom University data are required to comply with this policy, sign&nbsp;<strong>an NDE\/NDA<\/strong>&nbsp;or data processing agreement, and comply with established security standards.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"11-7-langkah-mudah-mencegah-kebocoran-data-1-menit-baca\">7 Easy Steps to Prevent Data Leaks (1 Minute Read)<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Protect sensitive data<\/strong>\u00a0with encryption or passwords.<\/li>\n\n\n\n<li><strong>Share confidential documents<\/strong>\u00a0only through official channels (Tel-U\/NDE email).<\/li>\n\n\n\n<li><strong>Apply a classification label<\/strong>\u00a0to each file (Public\/Internal\/Confidential).<\/li>\n\n\n\n<li><strong>Avoid downloading\/installing<\/strong>\u00a0unofficial apps on work devices.<\/li>\n\n\n\n<li><strong>Enable automatic screen lock<\/strong>\u00a0on your work laptop\/phone.<\/li>\n\n\n\n<li><strong>Store data<\/strong>\u00a0on official university devices &amp; storage.<\/li>\n\n\n\n<li><strong>Use Tel-U Wi-Fi or official VPN<\/strong>\u00a0when accessing internal data.<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cInformation security is a shared responsibility\u2014every individual plays a role.\u201d \u2014&nbsp;<em>Telkom University PuTI Directorate<\/em><\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"12-cara-melaporkan-insiden-keamanan-informasi\">How to Report an Information Security Incident<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"13-h31-apa-yang-dimaksud-insiden\">1 What is meant by an incident?<\/h3>\n\n\n\n<p>Any event that&nbsp;<strong>has the potential<\/strong>&nbsp;to compromise the confidentiality, integrity, or availability of data\/systems. Examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sensitive email\/content was sent to the wrong recipient.<\/li>\n\n\n\n<li>Account feels hacked (suspicious login, unrecognized changes).<\/li>\n\n\n\n<li>Device lost\/stolen.<\/li>\n\n\n\n<li>Important files deleted\/encrypted (\u00a0<em>ransomware<\/em>\u00a0).<\/li>\n\n\n\n<li>Suspicious links\/phishing that you click on or receive.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"14-h32-kanal-resmi-aplikasi-e-ticket-puti\">2 Official channels: PuTI e-Ticket Application<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Address<\/strong>\u00a0: <code><a href=\"https:\/\/satu.telkomuniversity.ac.id\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/satu.telkomuniversity.ac.id<\/a><\/code><\/li>\n\n\n\n<li><strong>What needs to be prepared<\/strong>\u00a0: summary of the incident, time of incident, system\/account affected, initial steps taken (if any), screenshot evidence if safe.<\/li>\n\n\n\n<li><strong>Do not send personal data<\/strong>\u00a0via email\/WA replies\u2014just refer to the ticket number.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"15-h33-prinsip-3t-saat-insiden--tenang-tangkal-tiket-\">3 Principles of 3T during an incident:&nbsp;<strong>Calm, Prevent, Ticket<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Calm down<\/strong>\u00a0\u2013 stop risky activities, do not share any further sensitive information.<\/li>\n\n\n\n<li><strong>Counter<\/strong>\u00a0\u2013 change password, disconnect from public network if necessary, enable\u00a0<em>remote wipe<\/em>\u00a0on lost device.<\/li>\n\n\n\n<li><strong>Ticket<\/strong>\u00a0\u2013 create a report in PuTI e-Ticket for structured handling.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"16-perangkat-akun-dan-aplikasi-kebiasaan-aman-yang-tidak-merepotkan\">Devices, Accounts, and Apps: Hassle-Free Security Habits<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"17-h34-akun-dan-autentikasi\">1 Account and authentication<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use\u00a0<strong>a strong password<\/strong>\u00a0(mix of letters, numbers, symbols, length \u226512).<\/li>\n\n\n\n<li>Enable\u00a0<strong>MFA<\/strong>\u00a0if available.<\/li>\n\n\n\n<li>Don&#8217;t use\u00a0<strong>the same password<\/strong>\u00a0on multiple systems.<\/li>\n\n\n\n<li>Be wary of unrecognized login notifications.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"18-h35-email-amp-kolaborasi\">2 Email &amp; collaboration<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Discuss confidential data via\u00a0<strong>Tel-U email<\/strong>\u00a0or official collaboration channels.<\/li>\n\n\n\n<li>Double-\u00a0check\u00a0<strong>the recipient&#8217;s address ; use a 1\u20132 minute\u00a0<\/strong><em>delay send<\/em>\u00a0to prevent misdirection.<\/li>\n\n\n\n<li>Use\u00a0<strong>restricted access<\/strong>\u00a0when sharing files; periodically review who has access rights.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"19-h36-perangkat-kerja\">3 Work devices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only install\u00a0<strong>trusted apps<\/strong>\u00a0and update them regularly.<\/li>\n\n\n\n<li>Enable\u00a0<strong>firewall &amp; antivirus<\/strong>\u00a0.<\/li>\n\n\n\n<li>Separate personal and work data as much as possible (separate profiles\/accounts).<\/li>\n\n\n\n<li>When presenting,\u00a0<strong>turn off notifications<\/strong>\u00a0to avoid displaying sensitive information.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"20-tanggung-jawab-unit-kerja-dari-kebijakan-ke-praktik-harian\">Work Unit Responsibilities: From Policy to Daily Practice<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"21-h25-penunjukan-pic-keamanan-informasi-unit\">1 Appointment of PIC of information security unit<\/h3>\n\n\n\n<p>It is recommended that each faculty\/directorate\/UPT appoint&nbsp;<strong>an information security PIC<\/strong>&nbsp;to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Coordinate short socializations (\u226410 minutes) at unit meetings.<\/li>\n\n\n\n<li>Consolidate questions\/complaints to PuTI.<\/li>\n\n\n\n<li>Monitor daily compliance\u00a0<em>checklist<\/em>\u00a0(VPN, classification, shared channels, etc.).<\/li>\n\n\n\n<li>Managing least privilege lists\u00a0<em>and<\/em>\u00a0periodic reviews.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"22-h26-integrasi-ke-proses-kerja\">2 Integration into work processes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Add data classification to the document template.<\/li>\n\n\n\n<li>Distribute\u00a0<strong>infographic posters<\/strong>\u00a0on internal channels (intranet, bulletin boards).<\/li>\n\n\n\n<li>Include a security reminder in the monthly meeting agenda.<\/li>\n\n\n\n<li>Use\u00a0<strong>the acknowledgement form<\/strong>\u00a0to let staff know they have read the rules.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"23-mitra-dan-vendor-bersama-menjaga-rantai-keamanan\">Partners and Vendors: Together We Maintain the Chain of Security<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"24-h37-ketentuan-untuk-pihak-ketiga\">Terms for third parties<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sign\u00a0<strong>the NDE\/NDA<\/strong>\u00a0and data processing agreement when accessing Tel-U data.<\/li>\n\n\n\n<li>Implement equivalent security controls (encryption, access control, auditing).<\/li>\n\n\n\n<li>Report security incidents involving Tel-U data\u00a0<strong>without delay<\/strong>\u00a0through official channels.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"25-faq-singkat\">FAQ<\/h2>\n\n\n\n<p><strong>Q1. What&#8217;s the difference between &#8220;Internal&#8221; and &#8220;Confidential&#8221;?<\/strong><br><em>Internal<\/em>&nbsp;is for staff only and is safe within the internal environment;&nbsp;<em>Confidential<\/em>&nbsp;has a high impact if leaked (personal data, strategies, sensitive research) and requires extra protection (encryption, restricted access).<\/p>\n\n\n\n<p><strong>Q2. Can I share files through private services?<\/strong><br>Not recommended. Use&nbsp;<strong>official university repositories<\/strong>&nbsp;. If you must collaborate with external parties, request access guidance from the PIC\/PuTI and ensure&nbsp;appropriate&nbsp;<strong>agreements are in place.<\/strong><\/p>\n\n\n\n<p><strong>Q3. I was mistakenly sent an email containing sensitive data. What should I do?<\/strong><br>Immediately&nbsp;<strong>revoke access<\/strong>&nbsp;\/retract the message if possible,&nbsp;<strong>contact the recipient<\/strong>&nbsp;to delete it, and then&nbsp;<strong>create an<\/strong>&nbsp;incident ticket. Don&#8217;t delay.<\/p>\n\n\n\n<p><strong>Q4. Is the data on my personal device included?<\/strong><br>If a personal device is used for campus work (BYOD),&nbsp;<strong>the duty of care<\/strong>&nbsp;still applies. Enable screen locks, encryption, and use only authorized channels.<\/p>\n\n\n\n<p><strong>Q5. Can I store research data in public cloud services?<\/strong><br>Follow&nbsp;<strong>the official storage policies<\/strong>&nbsp;. For confidential\/copyrighted data, consult the research unit and PuTI; ensure that access controls and data location are in place.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"26-studi-kasus-ringkas-%E2%80%9Csalah-kirim-yang-hampir-fatal%E2%80%9D\">Brief Case Study: \u201cA Near-Fatal Misdelivery\u201d<\/h2>\n\n\n\n<p>A staff member sent a spreadsheet containing participant data to an external email address due to the&nbsp;<em>auto-complete<\/em>&nbsp;feature . Fortunately, the file was labeled&nbsp;<strong>Confidential<\/strong>&nbsp;and&nbsp;<strong>password-<\/strong>&nbsp;protected . The staff member immediately reported it through&nbsp;<strong>PuTI&#8217;s e-Ticket<\/strong>&nbsp;, contacted the recipient to delete the file, and changed the password. The PuTI team closed the incident after verifying the deletion.<br><strong>Lesson learned:<\/strong>&nbsp;label + password + fast ticket = minimal impact.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"27-checklist-kepatuhan-unit-bisa-dicetak\">Unit Compliance Checklist (Printable)<\/h2>\n\n\n\n<p><strong>Every week:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review shared folder access rights.<\/li>\n\n\n\n<li>Random test of password quality (length, uniqueness).<\/li>\n\n\n\n<li>Make sure system updates &amp; antivirus are running.<\/li>\n\n\n\n<li>Whitelist the applications that can be installed (whitelist\u00a0<em>)<\/em>\u00a0.<\/li>\n\n\n\n<li>Remind team:\u00a0<em>Tel-U VPN\/Wi-Fi for internal access<\/em>\u00a0.<\/li>\n<\/ul>\n\n\n\n<p><strong>Each month:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>10 minute socialization (classification &amp; sharing channel).<\/li>\n\n\n\n<li>Quick audit of link sharing: remove unnecessary access.<\/li>\n\n\n\n<li><em>Phishing awareness<\/em>\u00a0simulation\u00a0(in collaboration with PuTI).<\/li>\n\n\n\n<li>Secure archiving\/destruction of expired documents according to retention.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"28-bagaimana-peraturan-ini-sejalan-dengan-standar-dan-hukum\">How Does This Regulation Align with Standards and Laws?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"29-isoiec-270012022-sni\">ISO\/IEC 27001:2022 (SNI)<\/h3>\n\n\n\n<p>This standard requires organizations to implement a risk-based&nbsp;<strong>Information Security Management System (ISMS)<\/strong>&nbsp;. Essential elements include risk assessment, Annex A controls (policy, access, cryptography, vendor, resilience), and the&nbsp;<strong>Plan-Do-Check-Act<\/strong>&nbsp;cycle .<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cISO\/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS.\u201d \u2014&nbsp;<em>ISO\/IEC 27001:2022, overview<\/em><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"30-uu-pelindungan-data-pribadi-uu-pdp\">Personal Data Protection Act (PDP Act)<\/h3>\n\n\n\n<p>The Personal Data Protection Law requires transparency, purpose limitation, data minimization, accuracy, retention limits, integrity and confidentiality, and accountability. For universities processing academic staff&#8217;s personal data, these obligations are particularly relevant\u2014from&nbsp;<strong>the legal basis<\/strong>&nbsp;for processing,&nbsp;<strong>data subject rights<\/strong>&nbsp;, to&nbsp;<strong>reporting incidents<\/strong>&nbsp;to authorities if they meet certain criteria.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cData controllers are required to notify any failure in the protection of personal data.\u201d \u2014&nbsp;<em>PDP Law, incident notification obligation<\/em><\/p>\n<\/blockquote>\n\n\n\n<p>With this university regulation, Telkom University emphasizes internal compliance with global best practices and national provisions.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"31-apa-yang-berubah-untuk-kita-sehari-hari\">What Has Changed for Us Every Day?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Be more disciplined in choosing channels<\/strong>\u00a0: stop sharing important data via private channels; use official channels.<\/li>\n\n\n\n<li><strong>More classification awareness<\/strong>\u00a0: all documents\/units adopt standard labels.<\/li>\n\n\n\n<li><strong>Faster reporting<\/strong>\u00a0: e-Ticket as a single door for reporting and coordination.<\/li>\n\n\n\n<li><strong>More streamlined access management<\/strong>\u00a0: access rights are reviewed periodically;\u00a0<em>least privilege<\/em>\u00a0applies.<\/li>\n\n\n\n<li><strong>It&#8217;s safer to collaborate with partners<\/strong>\u00a0: contracts and controls are clear from the start.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"32-menghadapi-tantangan-umum\">Facing Common Challenges<\/h2>\n\n\n\n<p><strong>&#8220;It slows down the process.&#8221;<\/strong><br>Use document&nbsp;<em>templates<\/em>&nbsp;, structured folders with labels, and access rights automation. Once you get used to it, your work speed actually increases because the risk of errors is reduced.<\/p>\n\n\n\n<p><strong>\u201cLots of legacy applications.\u201d<\/strong><br>Prioritize access control, network segmentation, and a phased migration plan. Always install&nbsp;<em>compensating controls<\/em>&nbsp;(audit, logging, and functional restrictions).<\/p>\n\n\n\n<p><strong>\u201cI often work mobile.\u201d<\/strong><br>Use Tel-U VPN\/Wi-Fi, enable screen lock &amp; device encryption, and save work files in official, synced storage.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"33-sumber-resmi-amp-rujukan\">Official Sources &amp; References<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Telkom University Regulation Number PU.018\/LGL03\/PTI\/2025 concerning Data Leak Prevention<\/strong>\u00a0\u2013 (official campus short link).<\/li>\n\n\n\n<li><strong>SNI ISO\/IEC 27001:2022<\/strong>\u00a0\u2013\u00a0<em>Information security, cybersecurity and privacy protection \u2014 ISMS<\/em>\u00a0(summary on ISO website; full document licensed).<\/li>\n\n\n\n<li><strong>Law No. 27 of 2022 concerning Personal Data Protection (PDP Law)<\/strong>\u00a0\u2013 an official document of the government of the Republic of Indonesia.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/it.telkomuniversity.ac.id\/en\/puti-profile\/it-center-directorate\/\">Directorate of Information Technology Center<\/a>\u00a0(PuTI) Telkom University<\/strong>\u00a0\u2013 socialization channel &amp;<strong>\u00a0e-Ticket<\/strong>\u00a0:<code>https:\/\/satu.telkomuniversity.ac.id<\/code>.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>Note<\/em>&nbsp;: Some standard documents (e.g., ISO\/IEC 27001) are paid materials. Summaries\/overviews are publicly available, while the full text is available through official\/licensed channels.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"34-ajakan-tindakan-call-to-action\">Call to Action<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Read the full rules<\/strong>\u00a0and save the link.<\/li>\n\n\n\n<li><strong>Download &amp; share the infographic<\/strong>\u00a0to your unit\/faculty channel.<\/li>\n\n\n\n<li><strong>Label the documents<\/strong>\u00a0you manage starting today.<\/li>\n\n\n\n<li><strong>Check work devices<\/strong>\u00a0: screen lock, antivirus, latest updates.<\/li>\n\n\n\n<li><strong>10-minute socialization<\/strong>\u00a0at the nearest unit meeting.<\/li>\n\n\n\n<li><strong>Report the incident<\/strong>\u00a0immediately via\u00a0<strong>PuTI e-Ticket<\/strong>\u00a0.<\/li>\n<\/ol>\n\n\n\n<p>Information security doesn&#8217;t depend on a single system or team. It relies on&nbsp;<strong>small habits<\/strong>&nbsp;repeated daily\u2014by all of us. With shared discipline, Telkom University can continue to provide reliable academic services, uphold its scientific integrity, and protect the rights of its academic community.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"35-informasi-kontak\">Contact Information<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Helpdesk &amp; Reporting<\/strong>\u00a0:\u00a0<code>https:\/\/satu.telkomuniversity.ac.id<\/code>(e-Ticket PuTI)<\/li>\n\n\n\n<li><strong>Management Unit<\/strong>\u00a0: Directorate of Information Technology Center (PuTI) Telkom University<\/li>\n<\/ul>\n\n\n\n<p><strong>Conclusion:<\/strong><br>Let&#8217;s make information security a part of Tel-U&#8217;s work culture.&nbsp;<strong>Protected data<\/strong>&nbsp;means&nbsp;<strong>a secure academic future<\/strong>&nbsp;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Telkom University has issued a University Regulation on Data Leak Prevention as a shared reference for protecting the confidentiality, integrity, and availability of information on campus. Based on SNI ISO\/IEC 27001:2022 best practices and aligned with the Personal Data Protection Law, this policy applies to all academics and partners who manage or have access to information assets. This article reviews who is affected, the scope of the regulation (data classification, data lifecycle, user and unit obligations, and third-party compliance), and 7 simple preventative steps that can be implemented immediately. Also included is a guide for reporting incidents through the PuTI e-Ticket, the official channel for handling information security incidents. Use this guide as a brief socialization tool in work units, start labeling documents according to classification, use official sharing channels, and ensure access is via Telkom University Wi-Fi or VPN. Data is protected, academic services are maintained.<\/p>\n","protected":false},"author":17,"featured_media":179151,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":92,"footnotes":""},"categories":[92,3727,28],"tags":[2566,2597,2613,2606],"class_list":["post-179162","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-directorate","category-infographics","category-news","tag-itsecurity-en","tag-onlinesecurity-en","tag-websecurity-en","tag-websitesecurity-en"],"blocksy_meta":[],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/posts\/179162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/comments?post=179162"}],"version-history":[{"count":2,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/posts\/179162\/revisions"}],"predecessor-version":[{"id":179165,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/posts\/179162\/revisions\/179165"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/media\/179151"}],"wp:attachment":[{"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/media?parent=179162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/categories?post=179162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it.telkomuniversity.ac.id\/en\/wp-json\/wp\/v2\/tags?post=179162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}