UD Seal
Secure UD Essentials

Secure UD Essentials

Computers and information are always at risk. Following important best practices for computer and information security can help manage the risk to your devices and data.

The following list of essential security concepts for computers, mobile devices, data, and awareness can help you think about and manage risks. Some of these essential practices are employee-specific, but everyone can benefit from practicing cyber hygiene.

For employees: Employees are ultimately responsible for following their unit's information security plans. The following practices are the starting point for information security, but they alone are not adequate for protecting all IT resources.

Security essentials apply to


Security essentials for computers

Computers include both desktop and laptop computers.

Computers are an essential tool for accessing, processing, storing, and transmitting data. These applications make client systems valuable resources, and they must be protected accordingly. Follow these steps for improving the security of your computers.

Security concept

What you need to do

Resources

Anti-virus software

Install anti-virus software and scan your computer regularly. If your computer accesses, processes, stores, or transmits sensitive University information, install and run advanced anti-virus software.

Backups

Regularly back up your computer's critical or mission critical data.

Computer management

Consult your unit IT Professional about subscribing to a central or unit computer management service for your University-owned or -operated computers.

Data scans

Scan your computer to identify unencrypted sensitive University information.

Encryption

Encrypt sensitive files, including those on computers. Encrypt laptop computers with whole disk encryption.

Firewalls

Enable and configure firewalls on your computer.

Passwords

Configure your computer to require a password lock for device access.

Patching

Regularly check for and install system and software security patches.

Physical security

Physically secure your computer in a locked location when not in use, and never leave your laptop computer unattended in public locations.

Session suspension

Configure your computer to suspend the current session after 15 minutes of inactivity.


Security essentials for mobile devices

Mobile devices include smartphones and tablets.

Mobile devices offer a convenient way to access, process, store, and transmit data for out-of-office or in-the-field work. However, their portability and ease of use present security concerns that must be addressed to ensure that they're properly protected.

Security concept

What you need to do

Resources

Automatic erase

If your mobile device accesses, processes, stores, or transmits sensitive University information, configure it to automatically erase its memory after ten failed authentication attempts.

Backups

Regularly back up your mobile device's critical or mission critical data.

Encryption

If your mobile device accesses, processes, stores, or transmits sensitive University information, encrypt it.

Passwords

Configure your mobile device to require a password or passcode lock for device access.

Patching

Regularly check for and install system and software security patches.

Physical security

Physically secure your mobile device in a locked location when not in use, and never leave your mobile device unattended in public locations.

Remote lock, locate, erase

If your mobile device accesses, processes, stores, or transmits sensitive University information, configure it to be remotely locked, located, or erased.

Session suspension

Configure your mobile device to suspend the current session after 5 minutes of inactivity.


Security essentials for data management

Data management concerns the proper acquisition, utilization, maintenance, access, and protection of data.

Security concept

What you need to do

Resources

Access

Grant access to University information only to individuals or organizations who are authorized to access that information and for whom access to that information fulfills an operational requirement.

Backups

Regularly back up critical or mission critical data.

Disposal

Erase University information securely and in accordance with records retention plans.

Encryption

Encrypt sensitive University information at rest and in transmission.

Inventories

Inventory the sensitive University information in your care and the IT devices you use to access, process, store, or transmit that information.

Two-factor authentication (2FA)

Enable 2FA for your UDelNet account and other sensitive computing accounts.


Security essentials for awareness and training

Employee awareness and training includes all employee security-related awareness initiatives, training programs, and acknowledgements. Information security depends on the discernment and actions of individual employees, and a committment to effective employee information security awareness education is essential to establishing and developing a culture of security at the University.

Security concept

What you need to do

Resources

Education

Communicate to employees the information security needs of the unit and their responsibility to ensure unit information security compliance.

Training

Require that unit employees complete Secure UD Training annually.