Security Best Practices For Faculty and staff 

Protecting restricted data

As faculty and staff of UCF, we come in contact with personal and privileged information which require protection. To safeguard your information, your identity and your university’s systems, Cyberknight insists that you follow these basic guidelines.  Cyberknight reminds you the commitment we have all made to protection and confidentiality of university information by signing confidentially agreements.

• Do not copy or download restricted data (e.g., social security numbers, credit card numbers, health records, or other personal information protected by law, such as FERPA) from the University’s administrative systems to your PC, Web server, PDA, Laptop, or any other portable device. Storage of such data on portable devices is strictly prohibited, and must require VP level authorization and disk encryption.
• Do not store restricted information at home. This especially includes system backup tapes.
• Do not send restricted data un-encrypted using any protocol, including email. Email messages can be intercepted by third parties or mistakenly sent to the wrong addresses.
• Protect restricted data in printed form. Store restricted data in a secure cabinet.
• Do not leave restricted data unattended on a copier, fax or printer. Shred restricted data that needs to be disposed.
• Do not download, via RDS (Reporting Database Service) or through any other means, data sets not intended for the immediate task at hand.
• Do not share restricted data with individuals that are not authorized to view.
• Secure your workstation (or logoff your sessions) when you leave. Do not leave a logged on workstation unattended.
• Do not install Peer-to-Peer file sharing software. The following software and their clones are prohibited from use anywhere on campus: Ares, Bittorrent, Audio Galaxy, Kazaa, IMesh, Morpheus, Gnutella, Bearshare, Limewire, Napster, Winmix, Edonky2000, Direct Connect, etc.
• Do not download programs, applets and images from unreliable and unknown sources; you might also be downloading Trojans with it.
• Make sure you sanitize (with a hard drive erasing software) any computer prior to disposal or transfer of ownership.
• Use anti-virus software and update it frequently to keep destructive programs off of your computer.
• Make sure that you regularly backup any critical data or e-mail that you do not want to lose. Follow the email retention policy based on the Florida Public Records Law. Most email must be retained for three years.
• Do not open file attachments from an unsolicited email until you confirm the source by contacting the sender. You must have updated anti-virus software running all the time.
• Use a hard-to-guess passwords that contains a mix of numbers, letters and special characters, and change it quarterly.
• Never share passwords with anyone. Use different passwords for different internet sites as you visit them. This will make it harder for someone to guess your password by not sticking to a common password or a pattern.
• Wireless technology has inherent security weaknesses, even with the Wired Equivalency Privacy (WEP) algorithm running. Therefore, we highly discourage transmission of restricted data over wireless connections. We do encourage the use of a VPN connection to the UCF VPN device before such data is transmitted.
• Use the most up to date version of your Web browser, email software and other programs.
   

If you have any questions about computer security or you would like to report a possible incident, please check our Report an Incident page.