Use Your Device Securely

Challenge

You shop online, update student information, or a medical record, and need to enter private data (i.e., credit card number, birth date). Cybercriminals who monitor or intercept your online activities can steal this private data.

You also have private data (i.e., academic records, your tax information, your family's information) stored on your personal device. How you use your computer or device can help protect you and others.

You want to download and use applications/apps, however, some can be harmful to your device, either by carrying malware or by directing you to a malicious website that may collect your sensitive information.

How can you protect your device, private data stored on your device or transmitted to others from your computer or device?

Solutions & Resources

        Expand all

        Use eduroam or University Wired Network

        On-campus, use eduroam or the University Wired Network.

        Do not join unknown insecure networks. Most mobile operating systems will warn if a network is insecure.

        Use the University Virtual Private Network (VPN)

        Access the University network securely – even when you're not on campus – with the University Virtual Private Network (VPN). Use a VPN when you are:

        • Using non-University WiFi networks
        • Connecting to the University network from an off-campus Internet Service Provider
        • Transmitting sensitive data into or out of University resources

        Install the University VPN software.

        University VPN

        The University of Minnesota Virtual Private Network (VPN) is a service that makes it seem (to other websites) as though you are inside the University network when you are on a network outside of the University.

        Use Web Sites That Support Encryption for Online Transactions

        Check for HTTPS. Before entering private data on any web page, check the website URL to verify that it begins with “https://” and has a small padlock icon next to it.

        Use a University-Provided Computer or Device for University Work

        The University Acceptable Use of Information Technology Resources Policy provides information on where the use of personally owned devices is appropriate for University business, including Health Care Components. University Policy requires University private data must be stored on University-owned computers or in University-approved locations.

        Where possible, employees should use a University-provided computer or device for work whether in or out of the office. Check with your department.

        Use your User-Level Account

        Use your user-level account for daily tasks such as email and web browsing. If you use Make Me Admin for temporary admin rights, your use should be limited to those actions which require administrative access (e.g., installing software). See Responsible Admin Rights.

        Always Apply Updates When Notified

        To keep your device current, enable automatic updates and install updates when notified. Some updates require a restart of the software application or the device to complete the installation.

        For mobile devices, you need to accept and apply updates provided by the device manufacturer, operating system provider, service provider, or application provider.

        You can also download individual updates if one fails or if the auto-update did not include it.

        Check for Missing Updates

        These applications help you identify missing security patches in commonly used software applications.

        • Qualys BrowserCheck for Internet Explorer, Firefox, Chrome, Safari, Opera, and many other browsers (including mobile). You need to run this tool on each browser that is installed.

        Verify Applications/Apps Before Downloading

        Use well-known trusted sources to download your applications or apps. For mobile devices, use trusted sources such as Google Play or Apple App Store.

        Understand the Risks of Using Peer-to-Peer Programs

        Peer-to-peer (P2P) and anonymous file-sharing programs (i.e. those with no password) allow users from all around the world to find and access each other's hard drives to share information such as music, movies, software, or other digital files without a central server. The programs may install other software on your computer, which can make the removal of P2P/file-sharing programs difficult.

        Never store University private data or other important University information on a computer that has P2P or other anonymous file-sharing programs installed.

        If you are authorized to use P2P or other file sharing programs for job-related purposes:

        Disable Applications and Services that You Don't Use

        Reduce security risk by limiting your device to only necessary applications and services. You will have fewer applications to update. For mobile devices, you may even conserve your device resources like battery life.

        Bluetooth is an example of a service that can open your device to unwelcome access if improperly configured.

        Securely Erase Files

        Use software to securely erase or wipe the contents of files stored on your hard drive. These include your recycle bin or trash, temporary files, and browser cache.

        Share or Transfer Documents Securely

        Use software that allows you to securely transfer or collaborate with others whether you are working with other internal to the University or external. For University private data, see instructions for how to use Box Secure Storage. Others may use the University Google Drive or Box Secure Storage.

        To securely transfer or email a single file or document, use software with the appropriate level of encryption. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

        Encrypt a File or Document

        These applications encrypt a single file or document prior to transferring to someone else (e.g., email to a vendor). Prior to use, verify that the application has the appropriate level of encryption for the data. Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

        Check for Missing Security Patches

        For additional protection, scan for missing security patches for applications (programs such as Java or Adobe Reader) installed on your personal device.

        Use Security Related Browser Plug-ins

        Use browser plug-ins that help detect and warn you of suspicious web site content. Some allow you to accept the risk and continue using the web site.

        Security Related Browser Plug-ins

        These plug-ins help to protect your computer when browsing on the web.

        • NoScript in Firefox and Chrome allows JavaScript, Java, Flash, and other plugins to be executed only by trusted Web sites of your choice (e.g., your online bank).
        • uBlock Origin is used for content-filtering, including ad-blocking. Available for several browsers: Safari, Chrome, Edge, Firefox, and Opera.
        • Ghostery helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data. Available Safari, Chrome, Edge, Firefox, Opera, Android, and iOS.
        • McAfee SiteAdvisor helps test websites for spyware, spam, and scams. This tool adds safety ratings and search results to your browser.

        Avoid Jailbreaking

        Tampering with your mobile device factory security settings makes it more susceptible to attacks, or makes it more likely that your device will attack other systems.