Best Practices

Information Security in the Workplace

Information security controls are not effective unless they’re combined with users who know their responsibility to protect information privacy and confidentiality, take the recommended precautions seriously, and don’t attempt to “get around” the rules of good security practices.  Here are some examples of good and bad practices:

Accounts and Passwords

DO

Choose a password that can’t be guessed – e.g., an acronym for a simple phrase with numbers randomly inserted works well

Change your password 2-4 times per year

Log off when you leave for the day

Use desktop locking during the day, e.g., a screen saver with password, or a lock workstation function.  See the Best Practices web page (URL below) for instructions.

Change your password if you think someone may have learned (seen, heard) it

DON’T

Let anyone else log in with your account and password

Share your password with anyone (NEVER give out your password over the phone, not even to the Help Desk!)

Write your password down and stick it under your keyboard or mouse pad, on your monitor, or in your pencil drawer

“Save this Password” in your browser (anyone with access to your workstation could impersonate you)

Look up sensitive information for others who are not authorized

E-Mail Security

DO

Install and use anti-virus software, and keep it updated (daily or weekly)

Make sure the text of a note references the attachment and its purpose before opening it, and that you know or have verified the sender

Consider e-mail a “postcard”… it is NOT private unless encrypted (scrambled)

Report obscene e-mail messages, and any messages that ask you for personal information

Delete all unsolicited advertising e-mail without replying to it.  (Instructions to “remove you” will often backfire!)

DON’T

Open (click on) attachments or links sent to you from unknown sources

Keep old e-mail messages forever

Send IDs and passwords or other sensitive data in an e-mail message

Send harassing, threatening, abusive, insulting or offensive messages

Send personal information, e.g., your name, account numbers, address, phone, or pictures of yourself, to anyone you do not know personally

Physical Security

DO

Question or report strangers in your area to your supervisor or to building security (“Can I help you?”)

Lock your workstation and keyboard when you leave work for the day

Make backup copies of important documents and files on your workstation

DON’T

Leave confidential documents out on your desk, or on a shared printer

Store backups in an unlocked place

Let others borrow your keys or University ID card to get into a secured area, or follow you into a secured area without ID

Handling Sensitive Information

DO

Share files with authorized personnel only

Obtain permission for secondary use of data (uses other than those originally approved)

Remove all confidential or sensitive data from your workstation before it leaves your control (to go to surplus or as a department hand-me-down)

Protect saved or printed reports that represent sensitive or confidential data

DON’T

Gossip about, or share with others, sensitive information you have access to

Look up confidential information for co-workers who do not have the access, without supervisor approval

Store your confidential files on public or unsecured network file servers

Throw confidential reports in the trash without shredding them first

Copyright, Fair Use and Piracy

DO

Use excerpts with appropriate attribution (“fair use”)

Install and use the software licensed for everyone at the University (“site-licensed”)

Install and use software purchased by your department for your use

DON’T

Use your co-worker’s computer disks to install software programs unless you have a license

Copy or share “free” music or video files that you would reasonably expect to pay for (e.g., feature films, music CDs, e-books)

Copy software to take home with you

For more information:

Information Technology Security Best Practices http://cio.uiowa.edu/itsecurity/bestprac/  

University IT Policy and Procedure http://cio.uiowa.edu/Policy/

ITS Virus Resource Center http://helpdesk.its.uiowa.edu/virus/

ITS Help Desk http://helpdesk.its.uiowa.edu/

Copyright © 2005 The University of Iowa. All rights reserved.