Things we can do to ensure the best security for our personal, administrative, academic, and research data:
1. Beware the Phish
Phishing scams typically come as an email, look like they are from a source that you may trust, may try to scare/intimidate you into doing something or giving away information that you normally would keep to yourself.
General guidelines to protect yourself are:
Don’t click on email links in emails you weren't expecting.
Double check the sender - is it someone you know/trust?
If it sounds too good to be true, it is! Delete the message without responding.
2. Password Safety
Create passwords that are easy to remember but hard to guess. How do you do that? Try using initial characters and words of a phrase you will remember.
At UVM, passwords must follow minimum requirements like minimum length and using multiple character types (upper case, lower case, numbers and symbols).
Consider using passphrases - think of a nonsensical statement that you will remember but won’t make sense to anyone else.
NEVER use your name, children’s names, pet names, etc. - those things are too easy to guess and too easy to find via social media.
NEVER share your password with ANYONE.
3. Different Passwords for Different Accounts
Recycling is good for the environment but shouldn't be applied to passwords. Don't use the same password for multiple accounts.
If your credentials are compromised and you have used those same names/passwords for work, online banking, online purchases, etc. then those other accounts are now also at risk.
4. IT Support Staff Wants to Help
Really. We do. If you think your credentials have been compromised - through your actions or not – change your password immediately, then tell us. We can help you to minimize any damage. Call the Information Security Office at 802-656-2006 or email iam@uvm.edu and we’ll help. No judgment. No stress.
If you aren't sure if it’s a scam, ask. We will do our best to determine the safety of the communication you received. Forward a copy to abuse@uvm.edu with its headers intact (if possible) and we’ll take a look.
Don't know how to accomplish a technology task safely and securely? Not sure what protections are required? Ask. We will work with you to find the answers.
5. Malware is Bad
Is your computer slow? Do you see pop-ups, or do you have annoying things happen that you don't think you initiated? Those are some classic signs of malware. But malware can also be very sneaky and secretive, and you may not know you have it.
What's the first line of defense? You. Malware can be passed in the same way viruses can transmitted - by using infected USB sticks, opening infected attachments, visiting infected websites. Stay cautious and do your best to avoid risky behaviors.
If you think you may have malware on your computer, reach out to the UVM Tech Team for helptechteam@uvm.edu. Never call any phone numbers displayed on the infected computer claiming to be support.
6. Encryption is Good
By University policy, all university purchased computers need to be encrypted using Bitlocker (Windows) or FileVault (MacOS) whole disk encryption. Encryption makes the contents of your hard drive unreadable without a valid passphrase and thus protects any data that may be on that hard drive.
For encryption to protect information, proper usage is necessary - it should be installed, enrolled, and set to encrypt.
Even if your device isn’t owned by UVM, you have some options for encrypting it in Windows and MacOS.
7. Don't Forget Physical Security
Lock it up.
Lock it down.
Don't leave it alone.
Don't leave it in your car.
Don't lose it.
Don't let your kids/spouse/parents/babysitter/acquaintances/best friends use it.
8. Updates and Patches
It’s critically important to keep your devices up to date – modern device management solutions make this relatively painless for most users and provide them with some flexibility about when updates are applied to minimize disruption.
For UVM-owned and managed devices, Enterprise Technology Services (ETS) uses a variety of tools to manage operating system and other software and policy updates on enrolled devices - all those updates and patches help protect you and your data.
Keep your personal devices up to date as well – be sure to let the operating system on your computers and mobile devices (Windows, MacOS, iOS, Android, etc) download and install updates as soon as possible when they become available.
9. Lost or Stolen equipment
First, you need to tell someone. Really. You do.
If the device has been stolen, first contact UVM Police Services at police@uvm.edu or 802-656-3473. Once you’ve done so, reach out to the Information Security Office (ISO) by emailing iso@uvm.edu if your device might have contained sensitive data. The ISO is going to have lots of questions about what the device had, or may have had, on it. Be patient - we need to know because we care.
Don't forget that it is a policy requirement to secure UVM data that you have been entrusted with, and to report the loss of that data if it occurs. It’s not always fun but it does have to be done. The University has rules that it, too, must follow. Help us do that.
10. Policy, Rules, Guidelines, Compliance, Regulation, Requirements
Different data has different needs. You need to be aware of those security needs and fit your actions and processes to accommodate those requirements.
The following is a short - but not comprehensive - list:
Minimally, all information at the University is subject to the policies of the University, including the Computer, Communication, and Network Acceptable Use Policy and the Information Security Policy.
Additionally, there may be local guidelines you must follow based on the rules set by your data steward.
Research data may be subject to federal, state or other regulations based on data type and granting agency requirements.
Student data is subject to FERPA.
Inquire about the requirements needed for the information you work with. If you don't know, ask. It is everyone's responsibility to protect information in our keeping.
