INFORMATION MANAGEMENT AND SERVICES: Technology Services

Information Security Top 10 Lists

Information Security is constantly evolving as it attempts to solve the ever-growing number of threats against our information systems. While the tools change and the operating systems grow more complicated, certain aspects and concepts of Information Security remain the same. With this in mind, the Information Security Office will post top 10 lists of things you can do to better secure your computer and your data.

Top 10 Common Sense Information Security Tips

1. Be vigilant. If something looks suspicious or doesn’t feel right – ask questions! Be aware of your surroundings so you’ll be ready if something changes. There are only a handful of us in the Information Security Office. We can’t be everywhere at once and no one knows your department like you do, so we need you to be our eyes and ears for security issues.

2. Educate yourself. Learn as much as you can about how your computer works and how it’s supposed to behave. Ignorance is not bliss when it comes to computing and Information Security. If you understand how it is supposed to work, you will be better equipped to realize when the system is broken.

3. Use caution. Think twice about giving out your personal or sensitive business information or entering it on a web page. Who is asking for it? Why do they need it? If you feel uncomfortable saying “no” then direct them to another resource, such as Human Resources, your boss, or the University Service Desk (567-7777).

4. Don’t take it personally. Your University work computer is not your personal computer. Don’t store personal information on it and never use it for personal gain. Would you leave a blank check lying on your desk? Treat your computer as you would any other piece of professional equipment.

5. Safety first. Your computer is a tool and should be treated with respect. Like any tool, it must be used properly or there could be serious consequences, including data disclosures or not being able to use your computer at all. Apply the same common sense practices to Information Security that you do to the other important factors in your life.

6. Stay current. Your computer is only as secure as you make it. If your computer isn’t part of the University’s patch management system, manually patch your system by running Microsoft Update (for Windows) or Software Update (for Macintosh) weekly and install all applicable patches. Similarly, if you’re not part of the University’s managed antivirus program, keep your computer’s antivirus current with the latest virus definition files. Attackers will have the latest and greatest tools at their disposal. You need to be equally armed.

7. Lock the door behind you. Lock your workstation when you walk away and enable a password-protected screen saver to start after no more than 15 minutes of inactivity. Lock your workstation anytime you can’t see what’s on your screen or when you can’t touch your keyboard in two steps.

8. Don’t fall asleep at the wheel. Log off your machine at the end of the day or when you leave the office for several hours. Avoid security accidents by not being logged on when you don’t need to be. Also, it’s easier for system administrators and TSRs to patch or upgrade your system if you have logged off.

9. Don’t talk to strangers. Do not open email attachments or share sensitive information with people you don’t know. If someone says they know someone else, call that someone else. Ask for credentials and verify sources. Don’t be bullied into divulging sensitive information.

10. Question authority. Network administrators and technical support personnel will never ask you for your password. Don’t comply with someone just because they sound important or make threats. No one at the University will ever legitimately ask for your password – not your boss, not your co-workers, not technical support – no one. Never share your password.