Information Security Recommended Practices
At Western, we are obligated to protect the information entrusted to us in our various roles. Below are some issues highlighted in an effort to increase security awareness among faculty, staff and students. This document is not a policy summary, so please take time to review our policies and procedures available on our website at http://www.wcsu.edu/technology.
If in doubt, don't give it out: We must protect the privacy of a student's educational records, including Student Identification Numbers (Social Security numbers). Take precautions, such as keeping printouts secure (don't leave them on an unattended printer or desk), making sure your computer screen isn't displaying confidential information to the public, etc. Use your judgment in deciding the confidentiality of documents and information available to you
Don't share your computer account: Account sharing is prohibited in almost all circumstances. You should not log in as anyone other than yourself, and you should not allow anyone to log in as you. Perhaps you need access to another person's files, calendar, etc -- ask Information Technology & Innovation support technicians for alternatives. Remember, you are responsible for all actions within your account.
Authorized use only: Our computers and network connections are provided so we can do our jobs better. It's okay to use your computers during coffee breaks, lunch hours, etc., to explore the Internet, send e-mail to friends, etc., as long as there is no additional cost to WCSU and as long as you continue to obey the policies and laws. In general, we cannot use WCSU's computers for commercial purposes.
Don't violate copyrights: Respect the ownership of proprietary software. For example, do not make unauthorized copies of such software for your own use, even when that software is not physically protected against copying. Vendor licensing regulations should be followed for all commercial software downloaded over the Internet. Trial versions of programs should be deleted after the trial period, or the software should be procured through approved procedures. When users forget or decline to properly register software downloaded over the Internet, the university can be in violation of software licenses. This may put university at severe risk of penalties, or loss of reputation if discovered. Do not add or remove software from your laptop/desktops without consulting the UC and knowing the effect of such changes on the health of your computer system
Don't be the weakest link: Security is everyone's responsibility. Supervisors and department heads need to pay attention to their employees' fulfillment of security responsibilities, as well as their own. Supervisors should encourage employees to attend training if needed. Supervisors also need to inform network managers and the Information Technology & Innovation when employees terminate. Network managers and other system administrators must make sure their systems are secure and compliant with established WCSU security standards.
Select good passwords: Names, common words, your birth date, etc. are not good password choices. Include characters such as @, $, % in your password. Choose passwords you can remember, and don't write them down. Never tell anyone else your password. Change your password periodically, and whenever you believe someone else may know it. It's not a good idea to use the same password on multiple systems.
All files are not necessarily private: As users of university system, we need to be aware that our computer use may be subject to administrative review for security purposes or in regard to a policy or legal compliance concern; computer system maintenance; audits and, or as otherwise required to protect the reasonable interests of the university and other users of the computer system.
Only YOU can prevent data loss: We need to make sure we have backup copies of our important files. Store the backup copies on network share drives. These drives are backed up on daily basis and can help retrieve your information in case of disaster.
The same principles apply: Just because information is stored electronically doesn't mean that different rules apply. Policies against harassment and/or discrimination, for example, apply to e-mail messages as well as to other communication and actions. Confidential records must be protected, whether they exist on the mainframe, your PC, on a diskette, or on paper.
Be considerate: In the "global village" of computers and networks, our actions frequently impact others. Some actions, while not illegal, nevertheless can cause problems. We should not send chain e-mail, tie up the main printer during peak periods, use more network disk space than necessary, forward messages without permission, etc. If you think there may be a security problem, please report it promptly.
Adopt prevention: Make sure that anti-virus program is running and updated with latest virus definitions at all time. If you receive a program/attachment through an email and are not 100% certain what it does, never run it. Avoid downloading programs and other material from unauthentic websites. Use of personal computer firewall (e.g. Zone Alarm, Norton Personal Firewall, Black-Ice) is highly recommended for prevention and detection against malicious activity on your system.
Respond immediately to incident: Be alert to any strange or unexpected behavior within your system. Examples include penetration of a computer system, exploitation of technical vulnerabilities, or introduction of computer viruses or other forms of malicious software. If you suspect that your computer may have been infected or compromised in any fashion, IMMEDIATELY disconnect it from the network and seek help from the Information Technology & Innovation. Do not reconnect a suspected/an infected computer until it has been examined and cleaned or rebuilt as necessary. Always inform the Information Technology & Innovation about any security compromise on your system.