Secure a University Computer

To secure a University-owned computer or other electronic device, see the Securing Private Data, Computers & Other Electronic Devices Policy. The policy requires that University private data be stored on University-owned computers. Employees may not store University private data on personally owned computers or other personally owned electronic devices.

While using your computer


Use a Separate Account & Strong Passwords

A separate standard user level account should be used for daily tasks such as email and web surfing. Use of the administrative level account must be limited to those actions which require administrative access.  See Administrative Privileges for additional information that you should know.

All accounts, including an account with administrative privileges should use strong passwords. Assigning a difficult to guess passwords is an important step in protecting your computer from misuse by others.

See Password Tips.


Verify Security Patches & Updates are Installed

Periodically check for missing security patches by running an application (e.g, metaquark) that scans for missing patches. See Security and Tools Downloads.

Operating Systems

Install the security patches for the operating system, when prompted to install. Some security patches may require a restart of the computer to complete the installation.

Security patches/updates must be installed as soon as possible but not more than 30 days after release by the vendor.

Application Software

Application software (e.g., Adobe, Office, browser, iTunes) also needs to be patched for security holes. Install the security patches for the application software, when prompted to install. Some security patches may require a restart of the computer to complete the installation.

If the application software does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible or use an application (e.g, metaquark) that scans for missing patches.  See Security and Tools Downloads.

Patching for designated high risk software applications is required as soon as possible but not more than 30 days after availability from vendor.


Store Data on University File Servers

The documents, spreadsheets and the files you use should be stored on a University file server. University private data must be stored on University-owned computers. Talk to your local IT Professional staff about where to store your data. For examples of private data, see Private Data Interview Form (PDF).


Protect your USB Drives/Removable Media

If you copy data to removable media (USB flash drive, CD or DVD), the physical security of the removable media should be at least equal to that of the machine the data originated from.

To protect the data stored on these devices, encrypt them so if they are lost no one can read the information stored on the device without the encryption password.

Use an encrypted USB drive like Kanguru Defender or encryption software like TrueCrypt. See Encrypting Data for more information. Plans should also be made to allow recovery from unexpected problems.


Secure Your Web Browser

To reduce risk associated with the web, see the recommended settings to Secure Your Web Browser.


Prevent Unauthorized Use

When you are not at your desk and using your computer, anybody else could be using it instead. This gives a person the ability to install a virus, steal files, or perform actions while appearing to be you. Locking your work station and requiring a password when returning from a screen saver are excellent ways of preventing this.

Windows also give you the option to lock the workstation at any given time. To do this, simply hold down the "Windows" key and press the letter "L".


Use Safe Computing Practices

Our recommended steps can only protect you from what is known. Using safe computing practices can limit your exposure to these new things that appear on the Internet before the makers of our recommended products can produce updates to protect you.

Some safe computing practices include:

This is not an exhaustive list. There are so many computing scenarios that they could never all be recorded. When you are presented with an unknown situation, always err on the side of caution and ask your department's IT Professional for guidance on how to proceed.