Bauer Data Security Best Practices
The purpose of these practices is to inform faculty and staff of the importance of securing sensitive information in the workplace and to protect the trust bestowed upon the University of Houston’s employees by students. These practices serve to protect information resources from threats from both within and outside of the university. Setting forth responsibilities and practices will help the university prevent, deter, detect, respond to, and recover from compromises to these resources, and foster an environment of secure dissemination of information.
Why is it important to follow these policies?
- Texas has one of the highest rates of identity theft in the nation.
- 2005 Identity Theft Enforcement Protection Act:
  - Fines up to $50,000 per incident
  - Civil penalties of $500 per record
- Family Educational Rights and Privacy Act (FERPA):
  - Federal law that protects the privacy of student education records
- Compromises undermine basic trust in the College and University.
- System downtime wastes resources and reduces productivity.
Every member of the university community has a responsibility to take precautions that will help protect our information and computer systems. You are responsible to:
Antivirus and Updates
- Keep your workstation anti-virus software updated regularly. Vendors offer automatic daily updates of their virus definition files. UH employees have free access to McAfee Antivirus, available at http://www.uh.edu/infotech/php/software_downloads.php
- Make sure your anti-virus software is properly configured to scan for viruses.
- ALWAYS exercise caution when opening attachments that arrive in e-mail, even if you know the sender. Verify with the sender before opening attachments that you are not expecting. Make sure the attachment is properly described and referenced in the text of the message.
- Be cautious about clicking on links sent to you in spam messages. If the link executes a virus-infected program, your computer will be infected too.
- Do not send an email containing sensitive or personal information, e.g., social security number, driver’s license number, bank account or Credit Card information.
- Remove all sensitive or personal information before replying to emails.
- Password-protect Excel spreadsheets containing sensitive data that must be emailed.
  - Call the recipient with the password or send a separate email with the password.
- While browsing the internet, avoid clicking on pop-ups or visiting unfamiliar websites.
- When providing your personal information, use only secured Internet sites (HTTPS) to ensure protection.
  - A padlock appears in the corner of your web browser when you are using a secure site.
- Encrypt spreadsheets on desktops and laptops (Windows XP feature).
- If you need to share sensitive data, place it on a shared drive for the recipient to access.
Passwords and Security
- Minimum password length: 8 characters
- Expire passwords every 90 days and prevent their reuse for a year
- Passwords must contain at least one character from each of the following classes:
  - Alphabetic: upper or lower case (a-z, A-Z)
  - Numeric: 0-9
  - Special characters: ! # % & ( ) * @ ^
- Lockout: After 5 consecutive failed login attempts, an account will be locked for 30 minutes.
Do not share passwords with colleagues. Apply the same security rules to home computers and remote access. Strong passwords are A MUST for Remote Access.
Perform regular backups of critical data. UH offers a free network backup system, Tivoli Storage Manager (TSM), for faculty and staff. As part of the new Data Security Initiative and the College's Disaster Recovery Plan, all Bauer Faculty and Staff should be using the TSM software to back up office computers. Please contact the BDT Helpdesk at 34871 to have TSM installed on your computer.
Do not throw confidential reports in the trash without shredding them first. If you have an old hard drive that is no longer in working condition and is ready to be discarded, please contact the BDT Helpdesk so that it can be erased and properly disposed of.