Good Practice

Use Your Device Securely

Challenge

You shop online, update student information, or a medical record, and need to enter private data (i.e., credit card number, birth date). Cyber criminals who monitor or intercept your online activities can steal this private data.

You also have private data (i.e., academic records, your tax information, your family's information) stored on your personal device. How you use your computer or device can help protect you and others.

You want to download  and use applications/apps, however some can be harmful to your device, either by carrying malware or by directing you to a malicious website that may collect your sensitive informaiton.

How can you protect your device, private data stored on your device or transmitted to others from your computer or device?

Solutions

Use eduroam or University Wired Network

On campus, use eduroam or the University Wired Network.

Do not join unknown insecure networks. Most mobile operating systems will warn if a network is insecure.

Use the University Virtual Private Network (VPN)

Access the University network securely – even when you're not on campus – with the University Virtual Private Network (VPN). Use VPN when you are:

  • Using non-University WiFi networks
  • Connecting to the University network from an off-campus Internet Service Provider
  • Transmitting sensitive data into or out of University resources

Install the University VPN software.

Use Web Sites That Support Encryption for Online Transactions

Check for HTTPS. Before entering private data on any web page, check the website URL to verify that it begins with “https://” and has a small padlock icon next to it.

Use a University-Provided Computer or Device for University Work

The University Acceptable Use of Information Technology Resources Policy provides information on where the use of personally owned devices is appropriate for University business, including Health Care Components. University Policy requires University private data must be stored on University-owned computers or in University approved locations.

Where possible, employees should use a University provided computer or device for work whether in or out of the office. Check with your department.

Use your User-Level Account

Use your user-level account for daily tasks such as email and web browsing. The administrative account should be limited to those actions which require administrative access (e.g., installing software). See Administrative Privileges: What you Need to Know.

Always Apply Updates When Notified

To keep your device current, enable automatic updates and install updates when notified. Some updates require a restart of the software application or the device to complete the installation.

For mobile devices, you need to accept and apply updates provided by the device manufacturer, operating system provider, service provider, or application provider.

You can also download individual updates if one fails or if the auto-update did not include it.

Verify Applications/Apps Before Downloading

Use well-known trusted sources to download your applications or apps. For mobile devices, use trusted sources such as Google Play or Apple App Store.

Understand the Risks of Using Peer-to Peer Programs

Peer-to-peer (P2P) and anonymous file sharing programs (i.e. those with no password) allow users from all around the world to find and access each others hard drives to share information such as music, movies, software, or other digital files without a central server. The programs may install other software on your computer, which can make removal of P2P/file sharing programs difficult.

Never store University private data or other important University information on a computer that has P2P or other anonymous file sharing programs installed.

If you are authorized to use P2P or other file sharing programs for job related purposes:

Disable Applications and Services that You Don't Use

Reduce security risk by limiting your device to only necessary applications and services. You will have fewer applications to update. For mobile devices, you may even conserve your device resources like battery life.

Bluetooth is an example of a service that can open your device to unwelcome access if improperly configured.

Securely Erase Files

Use software to securely erase or wipe the contents of files stored on your hard drive. These include your recycle bin or trash, temporary files, and browser cache.

Share or Transfer Documents Securely

Use software that allows you to securely transfer or collaborate with other whether you are working with other internal to the University or external. For University private data, see instructions for how to use Box Secure Storage. Others may use the University Google Drive or Box Secure Storage.

To securely transfer or email a single file or document, use software with the appropriate level of encryption. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

Check for Missing Security Patches

For additional protection, scan for missing security patches for applications (programs such as Java or Adobe Reader) installed on your personal device.

Use Security Related Browser Plug-ins

Use browser plug-ins that help detect and warn you of suspicious web site content. Some allow you to accept the risk and continue using the web site.

Avoid Jailbreaking

Tampering with your mobile device factory security settings makes it more susceptible to attacks, or makes it more likely that your device will attack other systems.

Resources

Encrypt a File or Document

These applications encrypt a single file or document prior to transferring to someone else (e.g., email to a vendor). Prior to use, verify that the application has the appropriate level of encryption for the data. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

Security Related Browser Plug-ins

These plug-ins help to protect your computer when browsing on the web.

  • NoScript in Firefox and Chrome allows JavaScript, Java, Flash, and other plugins to be executed only by trusted Web sites of your choice (e.g., your online bank).
  • uBlock Origin  is used for content-filtering, including ad-blocking. Available for several browsers: Safari, Chrome, Edge, Firefox, and Opera.
  • Ghostery helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data. Available Safari, Chrome, Edge, Firefox, Opera, Android and iOS.
  • McAfee SiteAdvisor helps test websites for spyware, spam, and scams. This tool adds safety ratings and search results to your browser.

R-Wipe & Clean

The R-Wipe & Clean software securely erases the contents of the Recycle Bin, temporary files, browser cache and more on Microsoft Windows computers.

University VPN

The University of Minnesota Virtual Private Network (VPN) is a service that makes it seem (to other websites) as though you are inside the University network when you are on a network outside of the University.

Check for Missing Updates

These applications help you identify missing security patches in commonly used software applications.