Secure UD Essentials
Computers and information are always at risk. Following important best practices for computer and information security can help manage the risk to your devices and data.
The following list of essential security concepts for computers, mobile devices, data, and awareness can help you think about and manage risks. Some of these essential practices are employee-specific, but everyone can benefit from practicing cyber hygiene.
For employees: The following practices form the starting point for information security, but your unit may have specific practices adapted to your needs. Be sure to check with your unit and follow applicable procedures.
Security essentials for computers
Computers include both desktop and laptop computers.
Computers are an essential tool for accessing, processing, storing, and transmitting data. These applications make client systems valuable resources, and they must be protected accordingly. Follow these steps for improving the security of your computers.
Take action! Check to make sure your computer's security settings are enabled. Employees who are interested in having these features automated and managed for their work computers may contact IT (consult@udel.edu or 302-831-6000).
Security concept
What you need to do
Resources
Anti-virus software
Install anti-virus software and scan your computer regularly. If your computer accesses, processes, stores, or transmits sensitive University information, install and run advanced anti-virus software.
Computer management
Consult your unit IT Professional about subscribing to a central or unit computer management service for your University-owned or -operated computers.
Data scans
Scan your computer to identify unencrypted sensitive University information.
Encryption
Encrypt sensitive files, including those on computers. Encrypt laptop computers with whole disk encryption.
Passwords
Configure your computer to require a password lock for device access.
Patching
Regularly check for and install system and software security patches.
Physical security
Physically secure your computer in a locked location when not in use, and never leave your laptop computer unattended in public locations.
Session suspension
Configure your computer to suspend the current session after 15 minutes of inactivity.
Security essentials for mobile devices
Mobile devices include smartphones and tablets.
Mobile devices offer a convenient way to access, process, store, and transmit data for out-of-office or in-the-field work. However, their portability and ease of use present security concerns that must be addressed to ensure that they're properly protected.
Security concept
What you need to do
Resources
Automatic erase
If your mobile device accesses, processes, stores, or transmits sensitive University information, configure it to automatically erase its memory after ten failed authentication attempts.
Backups
Regularly back up your mobile device's critical or mission critical data.
Encryption
If your mobile device accesses, processes, stores, or transmits sensitive University information, encrypt it.
Passwords
Configure your mobile device to require a password or passcode lock for device access.
Patching
Regularly check for and install system and software security patches.
Physical security
Physically secure your mobile device in a locked location when not in use, and never leave your mobile device unattended in public locations.
Remote lock, locate, erase
If your mobile device accesses, processes, stores, or transmits sensitive University information, configure it to be remotely locked, located, or erased.
Session suspension
Configure your mobile device to suspend the current session after 5 minutes of inactivity.
Security essentials for data management
Data management concerns the proper acquisition, utilization, maintenance, access, and protection of data.
Security concept
What you need to do
Resources
Access
Grant access to University information only to individuals or organizations who are authorized to access that information and for whom access to that information fulfills an operational requirement.
Disposal
Erase University information securely and in accordance with records retention plans.
Encryption
Encrypt sensitive University information at rest and in transmission.
Inventories
Inventory the sensitive University information in your care and the IT devices you use to access, process, store, or transmit that information.
Two-factor authentication (2FA)
Enable 2FA for your UDelNet account and other sensitive computing accounts.
Security essentials for awareness and training
Employee awareness and training includes all employee security-related awareness initiatives, training programs, and acknowledgements. Information security depends on the discernment and actions of individual employees, and a committment to effective employee information security awareness education is essential to establishing and developing a culture of security at the University.
Security concept
What you need to do
Resources
Education
Communicate to employees the information security needs of the unit and their responsibility to ensure unit information security compliance.
Training
Require that unit employees complete Secure UD Training annually.
