UCF Compliance & Ethics Newsletter
In the Spotlight
In this edition, we’d like to highlight the following important information which has been provided by one of our compliance partners, the UCF Information Security Office:
Our online activities exposes us to cyber criminals and others who wish to commit identity theft, fraud, and harassment. Every time we connect to the Internet, at home, at work, or on our mobile device, we make decisions that affect our cybersecurity. The Information Security Office would like to remind everyone that information security is a shared responsibility, and that each of us must do our part to protect our personal and university information. To that end, the Information Security Office encourages you to adopt these recommended security best practices:
1) Federal, state, and university policies mandate certain requirements when storing or transmitting university’s Highly Restricted and Restricted data. University faculty, staff, and affiliates have a responsibility to protect university data during the course of employment, or service to the university. Please review UCF Policy 4-008.1, UCF Regulation 3.045, and FERPA requirements:
(Please copy and paste the following links into your browser)
http://policies.ucf.edu/documents/4-008.1DataClassificationAndProtection.pdf
http://regulations.ucf.edu/docs/notices/3.045SensitiveInformationFINALOct12_001.pdf
http://registrar.ucf.edu/ferpa
2) Do not place university restricted data in a personally owned cloud storage location, such as iCloud, and Google Drive.
3) Immediately report any successful or attempted security breaches to the Security Incident Response Team at sirt@ucf.edu.
4) Back up your data securely and frequently; this will minimize impact in the event of device failure.
5) Use passwords that can’t be easily guessed, and avoid using the same password on multiple accounts.
6) Never share or provide your password to anyone. Change your passwords frequently. University policy requires passwords to be changed every 60 days.
7) Log-off or shut down computers when leaving your desk or device.
8) Never respond to email or any other communication requesting personal or financial information.
9) Don’t be fooled by various phishing schemes designed to trick you into revealing personal information. Be alarmed if an email message contains an urgent request, or requires an immediate response. When in doubt call your IT support staff for assistance.
10) Never open unsolicited email attachments. Even attachments from known entities can contain malware. Confirm with the sender when in doubt.
11) Don’t click on links in email messages. Manually type the address into your browser, or use copy and paste.
12) Limit web browsing to work-related sites and don’t download or install unknown or unsolicited programs on your devices.
13) Remove all unused programs and applications.
14) Be sure your system is running the latest operating system, applications, and updated antimalware software at all times. Where appropriate, set your computer to automatically update operating system and antimalware software.
For additional information about security best practices and policies, and to download the information security brochure for faculty and staff, please visit the information security website by copying and pasting the following link into your browser:
