Things we inadvertently do every day -- like leaving a document in the copier or visible to others on the computer monitor -- can cause serious risk to individual privacy and campus computing resources. Sloppy office security practices, such as improper discarding documents containing sensitive and confidential information, password sharing, or leaving the office without locking your computer can cause information security breaches. To prevent unauthorized users from accessing your computer, or from knowing confidential information, follow the recommendations listed below. Remember, good office security practices require more than just locking the door!
Handling Printed Documents
Often overlooked, the way we handle printed documents can present serious security risks. Here are some best practices:
- Use a confetti or pulp shredder when discarding documents containing confidential or personal information. Remember, strip-shredded documents can be easily reassembled.
- Don't leave documents with personal or confidential information lying on the desk.
- Remember to lock file cabinets that contain personnel documents.
- Retrieve confidential documents immediately after sending them to the printer.
- Stay at the copier to ensure that all originals and copies are removed promptly.
- Do not delegate tasks to students or others who are not authorized to view the document content.
- Never leave confidential and sensitive documents unattended. When not being used, or if you must leave your office, secure them in a locked file cabinet or desk drawer.
Situating Workstations in the Office
Although rarely considered, poor workstation placement can create security problems. Maintain a safety zone for your workstation by following these tips:
- Locate workstations used to maintain confidential records and documents in locked offices or less-traveled, secured areas.
- Lock your workstation every time you walk away from it. (Ctrl-Alt-Delete > Lock Computer. When returning, press Crtl-Alt-Delete and input your User name if it is not displayed and your Password).
- Don't walk away from centrally located workstations with confidential documents still visible on the screen.
- For transactional terminals, always close down the screen at the end of each transaction and never walk away leaving the last transaction in full sight.
Workstations and Electronic Storage Devices
Protecting security and confidentiality means considering all the electronic mediums that contain information, and handling them safely. Here are some useful tips:
- Always lock your computer when you are away from it, even for a short period of time! Press Ctrl+Alt+Delete+Enter (or Ctrl+Alt+Delete and click on the Lock Computer button). To unlock your computer, press Ctrl+Alt+Delete and enter your network password.
- Securely wipe the hard drive(s) of every workstation before redeploying them to other staff or other departments.
- Securely wipe the hard drive(s) of every retired workstation prior to disposition.
- Store CDs and Zip disks that contain confidential information in a locked or secured location.
- Know your department’s policy on the use of USB storage devices.
Department E-Mail Boxes/Voice Mail Boxes
Department e-mail and voice mailboxes are very convenient because they can be the centralized information depositories for student requests, questions, and other department information. But the personnel who are allowed to access, read, view, or hear this confidential information should be thoughtfully considered.
- Mailboxes should be accessed only by those authorized when they receive any confidential and/or sensitive student information, such as SSNs, financial aid information, or sensitive questions about grades.
- Student assistants should not have access to a department mailbox that might contain confidential information.
- Staff employees should never “share” passwords.
- Individual responsible for retrieving the department mailbox contents should have the authority and approval to handle confidential information.
- After being retrieved from a department mailbox, messages that contain confidential information should be handled carefully. They should not be forwarded to anyone who does not have the authority to access the confidential information. And, if printed, they should not be left in the printer or on a desk or counter where they might be accessed by unauthorized individuals.
- Confidential information should not be placed in Public Folders.