University of Central Florida

Information Security

 

Data Security Do's & Don'ts 

As faculty and staff of UCF, we come in contact with personal and privileged information that requires protection. To safeguard your information, your identity and institutional data, please follow these basic guidelines.

  • DO NOT copy or download restricted sensitive data (e.g., social security numbers, credit card numbers, health records, or other personal information protected by law, such as FERPA) from the University’s administrative systems to your PC, Web server, PDA, laptop, or any other portable device. Storage of such data on portable devices is strictly prohibited, and any exception requires VP-level authorization and disk encryption.
    • DO store restricted personal data on secure servers.
  • DO NOT store restricted information at home. This especially includes system backup tapes.
    • DO contract with certified vendors for off-site storage.
  • DO NOT store restricted sensitive information on remote third-party sites.
  • DO NOT send restricted data unencrypted using any protocol, including email. Email messages can be intercepted by third parties or mistakenly sent to the wrong addresses.
    • DO encrypt sensitive email or documents before sending via email.
  • DO NOT leave restricted data in printed form (hard copy) lying around.
    • DO store restricted data in a secure cabinet.
  • DO NOT leave restricted data unattended on a copier, fax or printer.
    • DO shred/cross-shred restricted data that needs to be disposed of.
  • DO NOT download, via RDS (Reporting Database Service), PeopleSoft, or through any other means, data sets not intended for the immediate task at hand.
  • DO NOT share restricted data with individuals who are not authorized to view it.
  • DO NOT leave a logged-on workstation unattended.
  • DO NOT install peer-to-peer file sharing software. The following software and their clones are prohibited from use anywhere on campus: Ares, BitTorrent, Audio Galaxy, Kazaa, IMesh, Morpheus, Gnutella, Bearshare, Limewire, Napster, WinMX, eDonkey2000, Direct Connect, etc.
  • DO NOT download programs, applets and images from unreliable and unknown sources; you might also be downloading Trojans with them.
  • DO NOT dispose of or transfer ownership of computers without making sure they are properly sanitized (with hard drive erasing software).
  • DO NOT use a computer without having anti-virus or anti-malware software running on it.
  • DO NOT neglect to make frequent backups of critical data or e-mail that you do not want to lose.
    • DO follow the email retention policy based on the Florida Public Records Law. Most email must be retained for three years.
  • DO NOT open file attachments from an unsolicited email until you confirm the source by contacting the sender.
  • DO NOT use easy-to-guess passwords that contain only numbers or letters, without special characters.
    • DO use a password that is a mixture of numbers, letters and special characters, and change it quarterly.
  • DO NOT share passwords with anyone. Use different passwords for different internet sites as you visit them. Not sticking to a common password or pattern makes it harder for someone to guess your password.
  • DO NOT use wireless technologies for transmitting restricted sensitive data without making certain end-to-end encryption is involved, regardless of whether wireless encryption is used.
    • DO use the university-provided VPN solution to make your wireless connection equivalent to a wired connection on campus.
  • DO NOT run applications with inherent weaknesses due to old or buggy versions.
    • DO run the most up-to-date version of your web browser, browser plug-ins (e.g., Adobe Flash, Java, etc.), email software and other programs.

If you have any questions about computer security or you would like to report a possible incident, please check our Report an Incident page.

Maintained by the Information Security Office
Computer Services & Telecommunications
Division of IT&R