An information security tip sheet for students and staff
1. Never reveal or share your <Company> password or security question; refrain from writing them down for safekeeping (if you do, make sure that they are under lock and key).
Why? Your <Company> password is used to access e-mail and many systems such as AS400 — where sensitive data, including your individual records or private information, is available. Update your passwords from time to time, especially if you feel your security has been compromised.
2. Lock your computer or log off completely whenever you leave your workstation; do not rely on it to lock on its own.
If you remain logged in to your computer while you are away from it, anyone could install malicious software or steal confidential information. This access could permit someone to impersonate you. Adopt secure practices by always locking your computer whenever you step away from it for any period of time.
3. Never store personal or important information on your local drives; use network storage instead.
<Company> network drives are among the most secure places to store data and securely back up all files.
4. To access your e-mail securely, use encryption.
When checking your e-mail at an Internet café, hotel room, airport or from home, use one of the following methods to ensure the information you’re sending is encrypted:
- Outlook Web Access (OWA) via the my<Company> portal;
- Microsoft Outlook client configured for RPC/HTTPS;
- Microsoft Outlook client after starting a VPN connection.
5. E-mailing any kind of personal information must be done with prudence.
Personal information copied into e-mail destined for non-<Company> addresses should be avoided. Redirecting or forwarding your e-mail to non-<Company> addresses is not advised, especially if you deal with personal data regularly. Senders should be aware that even when destination addresses end in <Company>, e-mail may end up being forwarded to non-<Company> mailboxes.
6. Don’t use USB keys, CDs or laptop drives for sensitive data.
USB keys are very convenient and highly portable, which means they can be easily lost and potentially fall into the wrong hands. For those who must transport files from computer to computer, consult the IT Knowledge Base to learn how to encrypt data when using a USB key, burning CDs or copying data onto laptop drives.
7. Immediately report lost or stolen items like laptops, mobiles, USB keys and ID cards through the appropriate channels.
Call xxxxx or file a theft/loss report with <Company> Security Services. For other lost or stolen items on campus, please read Reporting Security Incidents in the IT Knowledge Base. Be proactive by immediately reporting recovered laptops or other items you find and by protecting your laptop with Security Services’ STOP program (Security Tracking of Office Property).
8. Verify the security of online payment systems you use.
Secure and trusted websites are essential for making online payments. A secure and trusted website has an address that begins with https:// and is a known and trusted site. Making a transaction on a site that meets only one of these conditions is not recommended.
9. Limit your printouts to information that is not sensitive.
A conservative approach is both smart and green. Choose secure printing practices and avoid printing personal records. For networked printers, set up printers so that retrieving printouts requires a password. Destroy all documents that contain personal or restricted information by shredding them.
10. Secure your computers by checking for software updates each month — especially up-to-date antivirus software.
For antivirus software, consult the Antivirus Software service description in the IT Knowledge Base. Consult your LAN manager or ICS Service Desk to ensure you have a firewall and the latest anti-phishing and anti-spyware applications installed. Do not open unexpected e-mails, even from someone you know. Do not reply to any e-mailed requests for personal information. Do not open attachments with executable extensions: .zip, .bat, .vbs, .shs, .pif or .scn.