Use Your Device Securely

On-campus, use eduroam or the University Wired Network.

Do not join unknown insecure networks. Most mobile operating systems will warn if a network is insecure.

Access the University network securely – even when you're not on campus – with the University Virtual Private Network (VPN). Use a VPN when you are:

• Using non-University WiFi networks.
• Connecting to the University network from an off-campus Internet Service Provider.
• Transmitting sensitive data into or out of University resources.

Install the University VPN software.

University VPN

The University of Minnesota Virtual Private Network (VPN) is a service that makes it seem (to other websites) as though you are inside the University network when you are on a network outside of the University.

Check for HTTPS. Before entering private data on any web page, check the website URL to verify that it begins with “https://” and has a small padlock icon next to it.

The University Acceptable Use of Information Technology Resources Policy provides information on where the use of personally owned devices is appropriate for University business, including Health Care Components. University Policy requires University private data must be stored on University-owned computers or in University-approved locations.

Where possible, employees should use a University-provided computer or device for work whether in or out of the office. Check with your department.

Use your user-level account for daily tasks such as email and web browsing. If you use Make Me Admin for temporary admin rights, your use should be limited to those actions which require administrative access (e.g., installing software). See Responsible Admin Rights.

To keep your device current, enable automatic updates and install updates when notified. Some updates require a restart of the software application or the device to complete the installation.

For mobile devices, you need to accept and apply updates provided by the device manufacturer, operating system provider, service provider, or application provider.

You can also download individual updates if one fails or if the auto-update did not include it.

Check for Missing Updates

These applications help you identify missing security patches in commonly used software applications.

• Qualys BrowserCheck for Internet Explorer, Firefox, Chrome, Safari, Opera, and many other browsers (including mobile). You need to run this tool on each browser that is installed.

Use well-known trusted sources to download your applications or apps. For mobile devices, use trusted sources such as Google Play or Apple App Store.

Peer-to-peer (P2P) and anonymous file-sharing programs (i.e. those with no password) allow users from all around the world to find and access each other's hard drives to share information such as music, movies, software, or other digital files without a central server. The programs may install other software on your computer, which can make the removal of P2P/file-sharing programs difficult.

Never store University private data or other important University information on a computer that has P2P or other anonymous file-sharing programs installed.

If you are authorized to use P2P or other file sharing programs for job-related purposes:

• Comply with copyright law. See Use Copyright Material Legally.
• Disable outbound sharing on the program.

Reduce security risk by limiting your device to only necessary applications and services. You will have fewer applications to update. For mobile devices, you may even conserve your device resources like battery life.

Bluetooth is an example of a service that can open your device to unwelcome access if improperly configured.

Use software to securely erase or wipe the contents of files stored on your hard drive. These include your recycle bin or trash, temporary files, and browser cache.

Use software that allows you to securely transfer or collaborate with others whether you are working with other internal to the University or external. For University private data, see instructions for how to use Box Secure Storage. Others may use the University Google Drive or Box Secure Storage.

To securely transfer or email a single file or document, use software with the appropriate level of encryption. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

Encrypt a File or Document

These applications encrypt a single file or document prior to transferring to someone else (e.g., email to a vendor). Prior to use, verify that the application has the appropriate level of encryption for the data. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

• Box Secure Storage
• 7-Zip
• AxCrypt

For additional protection, scan for missing security patches for applications (programs such as Java or Adobe Reader) installed on your personal device.

Use browser plug-ins that help detect and warn you of suspicious web site content. Some allow you to accept the risk and continue using the web site.

Security Related Browser Plug-ins

These plug-ins help to protect your computer when browsing on the web.

• NoScript in Firefox and Chrome allows JavaScript, Java, Flash, and other plugins to be executed only by trusted Web sites of your choice (e.g., your online bank).
• uBlock Origin is used for content-filtering, including ad-blocking. Available for several browsers: Safari, Chrome, Edge, Firefox, and Opera.
• Ghostery helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data. Available Safari, Chrome, Edge, Firefox, Opera, Android, and iOS.
• McAfee SiteAdvisor helps test websites for spyware, spam, and scams. This tool adds safety ratings and search results to your browser.

Tampering with your mobile device factory security settings makes it more susceptible to attacks, or makes it more likely that your device will attack other systems.