Secure a University Computer
To secure a University-owned computer or other electronic device, see the Securing Private Data, Computers & Other Electronic Devices Policy. The policy requires that University private data be stored on University-owned computers. Employees may not store University private data on personally owned computers or other personally owned electronic devices.
While using your computer
- Use a Separate Account & Strong Passwords
- Verify Security Patches and Updates are Installed
- Store Data on University File Servers
- Protect your USB Drives/Removable Media
- Secure Your Web Browser
- Prevent Unauthorized Use
- Use Safe Computing Practices
Use a Separate Account & Strong Passwords
A separate standard user level account should be used for daily tasks such as email and web surfing. Use of the administrative level account must be limited to those actions which require administrative access. See Administrative Privileges for additional information that you should know.
All accounts, including an account with administrative privileges, should use strong passwords. Assigning a difficult-to-guess password is an important step in protecting your computer from misuse by others.
See Password Tips.
Verify Security Patches & Updates are Installed
Periodically check for missing security patches by running an application (e.g., metaquark) that scans for missing patches. See Security and Tools Downloads.
Install the security patches for the operating system when prompted. Some security patches may require a restart of the computer to complete the installation.
Security patches/updates must be installed as soon as possible but not more than 30 days after release by the vendor.
Application software (e.g., Adobe, Office, browser, iTunes) also needs to be patched for security holes. Install the security patches for the application software when prompted. Some security patches may require a restart of the computer to complete the installation.
If the application software does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible, or use an application (e.g., metaquark) that scans for missing patches. See Security and Tools Downloads.
Patching for designated high risk software applications is required as soon as possible but not more than 30 days after availability from the vendor.
Store Data on University File Servers
The documents, spreadsheets and the files you use should be stored on a University file server. University private data must be stored on University-owned computers. Talk to your local IT Professional staff about where to store your data. For examples of private data, see Private Data Interview Form (PDF).
Protect your USB Drives/Removable Media
If you copy data to removable media (USB flash drive, CD or DVD), the physical security of the removable media should be at least equal to that of the machine the data originated from.
To protect the data stored on these devices, encrypt them so that, if they are lost, no one can read the information stored on the device without the encryption password.
Use an encrypted USB drive like Kanguru Defender or encryption software like TrueCrypt. See Encrypting Data for more information. Plans should also be made to allow recovery from unexpected problems.
Secure Your Web Browser
To reduce risk associated with the web, see the recommended settings to Secure Your Web Browser.
Prevent Unauthorized Use
When you are away from your desk, anybody else could be using your computer. This gives a person the ability to install a virus, steal files, or perform actions while appearing to be you. Locking your workstation and requiring a password when returning from a screen saver are excellent ways of preventing this.
Windows also gives you the option to lock the workstation at any given time. To do this, simply hold down the "Windows" key and press the letter "L".
Use Safe Computing Practices
Our recommended steps can only protect you from what is known. Using safe computing practices can limit your exposure to new threats that appear on the Internet before the makers of our recommended products can produce updates to protect you.
Some safe computing practices include:
- Never open an e-mail attachment from a questionable source. If you receive an unexpected attachment from a trusted source, contact the sender and ask whether they meant to send it to you. Many viruses will send you attachments while posing as someone you may know.
- Maintain multiple strong passwords. Don't use the same password for your online banking that you do for your e-mail. This could open you to serious risk. Check the strong passwords section for more guidance on picking a password.
- To securely transfer files with collaborators internal or external to the University, see Transferring Documents Securely Using NetFiles on the University NetFiles web site.
- Do not download and run files you receive from chat buddies without first making sure that the person intentionally sent you the message.
- Whenever you download software, make sure you read the user agreement. Many programs that you download from the Internet come with unwanted programs known as spyware.
- When working from home or via a wireless connection, use virtual private networking (VPN). Using VPN will provide you a secure connection directly to the University network and help prevent a possible attacker from reading sensitive information in transit. Use the VPN prior to starting Remote Desktop Protocol (RDP) to connect to a Microsoft Windows computer on campus. This software can be downloaded from the VPN Web site.
- To protect the privacy of faculty, staff, and students on a daily basis, the University recommends installing R-Wipe & Clean on all University-owned Windows PCs. This software will securely erase the contents of the Recycle Bin, temporary files, browser cache, etc.
This is not an exhaustive list. There are so many computing scenarios that they could never all be recorded. When you are presented with an unknown situation, always err on the side of caution and ask your department's IT Professional for guidance on how to proceed.