Computer security is getting increasing attention from both campus administration and criminals, so we all need to understand and fulfill our obligations. Here's what you need to know:
Passwords should be more than 8 characters and include a
mixture of upper and lower case letters, numbers, and punctuation.
Sample good passwords:
Egb0y/grl/df! (every good boy
(or girl) deserves fudge).
Sh@ggy-d0g (shaggy dog).
If you need help thinking up a good password, ask any ACG staff.
You are responsible for protecting your passwords for all University systems. This includes, but is not limited to, the following:
- If you ever get a message telling you that you need to e-mail your password or fill out a web form in order to maintain access to a system (EECS, UC, bank, anything), it is almost certainly fake. Forward the message to acg@eecs, and we'll let you know if it is legitimate.
- Do not write any password down and keep it in an accessible place.
If you can't remember a password, then
- Ask us to help you construct a memorable password and useful
- Write down a hint that will enable you to remember the password, but that will not be useful to someone else.
- Ask us to help you construct a memorable password and useful hint.
- Do not share your password with anyone, in person or via email. Systems staff can do everything they need without having your password, and colleagues, workstudy students, etc. should all have their own passwords. If you need help sharing files or e-mail, ask ACG.
The California law known as SB 1386 set up special regulations for personal financial information: social security number, driver's license number, and bank account or credit information. The best way to comply with this law is not to store this information on any computer. If you need this information from someone, ask them to tell you over the telephone and then shred any no-longer-needed paper notes when you are done with them. If you receive this information in e-mail, delete the e-mail as soon as you no longer need it. (You should also secure your paper files: lock file cabinets whenever not currently in use, and remove and shred documents that you no longer need to keep.)
If you have computer files with SB-1386-protected information that you must keep, please contact ACG so we can work out the safest way to do so.
Under Federal law (FERPA), student information is also protected. Whenever possible, do not send student id numbers and names together in email. If you must send them, they should be encrypted. One way to do this is to use an Excel spreadsheet with password protection; here's how or ask ACG for help. You can also upload a file to Box and share it. The campus has a contract with Box for cloud storage, and the service has been approved for FERPA-protected data.
If you work from a laptop or home computer, you *must* not have any files containing protected data on this computer. Work-related files should remain in your home directory (H:) or shared project space and be accessed from there. If you tell your mail client to "make messages available for offline use," then those messages are stored on your computer. This is more convenient, but it is not secure; don't do it on a laptop or home computer.
Laptops, in particular, are very vulnerable to theft. Do not store *any* confidential or irreplaceable data on a laptop. We have anti-theft cables that can be used with departmental laptops; this is far from a complete solution, but does help. Contact ACG if you would like one.
You are responsible for knowing and understanding the University policies that apply to computing and electronic data. If you have any questions, ask ACG.
General Online Security Tips
Here are some general tips and advice for online security from the Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA). These may be helpful as you're dealing with your personal devices (computers, tablets, smartphones, etc.) and online services.
Jan 13, 2015 09:35