ACG User Security Tips

Computer security is getting increasing attention from both campus administration and criminals, so we all need to understand and fulfill our obligations. Here's what you need to know:

UCB Campus Security Page

Passwords

Passwords should be more than 8 characters and include a mixture of upper and lower case letters, numbers, and punctuation. Sample good passwords: Egb0y/grl/df! (every good boy (or girl) deserves fudge). Sh@ggy-d0g (shaggy dog). If you need help thinking up a good password, ask any ACG staff.

You are responsible for protecting your passwords for all University systems. This includes, but is not limited to, the following:

Information Privacy

The California law known as SB 1386 set up special regulations for personal financial information: social security number, driver's license number, and bank account or credit information. The best way to comply with this law is not to store this information on any computer. If you need this information from someone, ask them to tell you over the telephone and then shred any no-longer-needed paper notes when you are done with them. If you receive this information in e-mail, delete the e-mail as soon as you no longer need it. (You should also secure your paper files: lock file cabinets whenever not currently in use, and remove and shred documents that you no longer need to keep.)

If you have computer files with SB-1386-protected information that you must keep, please contact ACG so we can work out the safest way to do so.

Under Federal law (FERPA), student information is also protected. Whenever possible, do not send student id numbers and names together in email. If you must send them, they should be encrypted. One way to do this is to use an Excel spreadsheet with password protection; here's how or ask ACG for help. You can also upload a file to Box and share it. The campus has a contract with Box for cloud storage, and the service has been approved for FERPA-protected data.

If you work from a laptop or home computer, you *must* not have any files containing protected data on this computer. Work-related files should remain in your home directory (H:) or shared project space and be accessed from there. If you tell your mail client to "make messages available for offline use," then those messages are stored on your computer. This is more convenient, but it is not secure; don't do it on a laptop or home computer.

Laptops, in particular, are very vulnerable to theft. Do not store *any* confidential or irreplaceable data on a laptop. We have anti-theft cables that can be used with departmental laptops; this is far from a complete solution, but does help. Contact ACG if you would like one.

Policies

You are responsible for knowing and understanding the University policies that apply to computing and electronic data. If you have any questions, ask ACG.

General Online Security Tips

Here are some general tips and advice for online security from the Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA). These may be helpful as you're dealing with your personal devices (computers, tablets, smartphones, etc.) and online services.


janp@eecs
Monday, 13-Jan-2014 12:19:04 PST


EECS Administrative Computing Group | acg@eecs.berkeley.edu
University of California, Berkeley