- Secure a University Computer
- Secure a Student Personal Computer
- Secure a Home Personal Computer
- Security Tools & Downloads
- Digital Copyright
- Safe Computing Topics
To secure a University-owned computer or other electronic device, see the Securing Private Data, Computers & Other Electronic Devices Policy. The policy requires that University private data be stored on University-owned computers. Employees may not store University private data on personally owned computers or other personally owned electronic devices.
While using your computer
A separate standard user level account should be used for daily tasks such as email and web surfing. Use of the administrative level account must be limited to those actions which require administrative access. See Administrative Privileges for additional information that you should know.
All accounts, including an account with administrative privileges should use strong passwords. Assigning a difficult to guess passwords is an important step in protecting your computer from misuse by others.
See Password Tips.
Periodically check for missing security patches by running an application (e.g, metaquark) that scans for missing patches. See Security and Tools Downloads.
Install the security patches for the operating system, when prompted to install. Some security patches may require a restart of the computer to complete the installation.
Security patches/updates must be installed as soon as possible but not more than 30 days after release by the vendor.
Application software (e.g., Adobe, Office, browser, iTunes) also needs to be patched for security holes. Install the security patches for the application software, when prompted to install. Some security patches may require a restart of the computer to complete the installation.
If the application software does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible or use an application (e.g, metaquark) that scans for missing patches. See Security and Tools Downloads.
Patching for designated high risk software applications is required as soon as possible but not more than 30 days after availability from vendor.
The documents, spreadsheets and the files you use should be stored on a University file server. University private data must be stored on University-owned computers. Talk to your local IT Professional staff about where to store your data. For examples of private data, see Private Data Interview Form (PDF).
If you copy data to removable media (USB flash drive, CD or DVD), the physical security of the removable media should be at least equal to that of the machine the data originated from.
To protect the data stored on these devices, encrypt them so if they are lost no one can read the information stored on the device without the encryption password.
Use an encrypted USB drive like Kanguru Defender or encryption software like TrueCrypt. See Encrypting Data for more information. Plans should also be made to allow recovery from unexpected problems.
To reduce risk associated with the web, see the recommended settings to Secure Your Web Browser.
When you are not at your desk and using your computer, anybody else could be using it instead. This gives a person the ability to install a virus, steal files, or perform actions while appearing to be you. Locking your work station and requiring a password when returning from a screen saver are excellent ways of preventing this.
Windows also give you the option to lock the workstation at any given time. To do this, simply hold down the "Windows" key and press the letter "L".
Our recommended steps can only protect you from what is known. Using safe computing practices can limit your exposure to these new things that appear on the Internet before the makers of our recommended products can produce updates to protect you.
Some safe computing practices include:
This is not an exhaustive list. There are so many computing scenarios that they could never all be recorded. When you are presented with an unknown situation, always err on the side of caution and ask your department's IT Professional for guidance on how to proceed.