Good Practice

Use Your Device Securely

Challenge

You shop online, update student information, or a medical record, and need to enter private data (i.e., credit card number, birth date). Cyber criminals who monitor or intercept your online activities can steal this private data.

You also have private data (i.e., academic records, your tax information, your family's information) stored on your personal device. How you use your computer or device can help protect you and others.

How can you protect private data stored on your device or transmitted to others from your computer or device?

Solutions

Use the University Secure WiFi or University Wired Network

On campus, use the eduroam or UofM Secure WiFi or the UofM Wired Network.

Use the University Virtual Private Network (VPN)

Access the University network securely – even when you're not on campus – with the University Virtual Private Network (VPN). Use VPN when you are:

  • Using non-University guest WiFi networks
  • Connecting to the University network from an off-campus Internet Service Provider
  • Transmitting sensitive data into or out of University resources

Install the University VPN software and use it.

Use Web Sites That Support Encryption for Online Transactions

Check for HTTPS. Before entering private data on any web page, check the website URL to verify that it begins with “https://” and has a small padlock icon next to it.

Use a University-Provided Computer or Device for University Work

The University Acceptable Use of Information Technology Resources Policy provides information on where the use of personally owned devices is appropriate for University business, including Health Care Components. University Policy requires University private data must be stored on University-owned computers or in University approved locations.

Where possible, employees should use a University provided computer or device for work whether in or out of the office. Check with your department.

Use your User-Level Account

Use your user-level account for daily tasks such as email and web browsing. The administrative account should be limited to those actions which require administrative access (e.g., installing software). See Administrative Privileges: What you Need to Know.

Always Apply Updates When Notified

To keep your device current, enable automatic updates and install updates when notified. Some updates require a restart of the software application or the device to complete the installation.

You can also download individual updates if one fails or if the auto-update did not include it.

Securely Erase Files

Use software to securely erase or wipe the contents of files stored on your hard drive. These include your recycle bin or trash, temporary files, and browser cache.

Share or Transfer Documents Securely

Use software that allows you to securely transfer or collaborate with other whether you are working with other internal to the University or external. For University private data, see instructions for how to use Box Secure Storage. Others may use the University Google Drive. To securely transfer or email a single file or document, use software with the appropriate level of encryption. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

Check for Missing Security Patches

For additional protection, scan for missing security patches for applications (programs such as Java or Adobe Reader) installed on your personal device.

Use Security Related Browser Plug-ins

Use browser plug-ins that help detect and warn you of suspicious web site content. Some allow you to accept the risk and continue using the web site.

Resources

Encrypt a File or Document

These applications encrypt a single file or document prior to transferring to someone else (e.g., email to a vendor). Prior to use, verify that the application has the appropriate level of encryption for the data. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

Security Related Browser Plug-ins

These plug-ins help to protect your computer when browsing on the web.

  • Firefox Plugins for Enhanced Security:

    • NoScript The NoScript Firefox extension allows JavaScript, Java, Flash, and other plugins to be executed only by trusted Web sites of your choice (e.g., your online bank).

    • Adblock Plus Adblock Plus allows users to prevent page elements, such as advertisements, from being downloaded and displayed. Advertisements may contain malicious software.

  • McAfee SiteAdvisor helps test websites for spyware, spam, and scams. This tool adds safety ratings and search results to your browser.

R-Wipe & Clean

The R-Wipe & Clean software securely erases the contents of the Recycle Bin, temporary files, browser cache and more on Microsoft Windows computers.

University VPN

The University of Minnesota Virtual Private Network (VPN) is a service that makes it seem (to other websites) as though you are inside the University network when you are on a network outside of the University.

Check for Missing Updates

These applications help you identify missing security patches in commonly used software applications.