uhs-wordmark

Security Tips & Best Practices

Keeping your system and data secure by following good security practices can help others in the University community benefit from decreased risk. The following security best practices have been sorted based on your needs.

How To Be Secure

Secure Your Office

  • When leaving, lock the door and keep unauthorized users away from systems.
  • Keep all media containing confidential information in a secure place.
  • Keep any paper records of passwords in a secure place.
  • Avoid applications that use excessive bandwidth.
  • Turn computers off when leaving for the day, or during extended periods of inactivity, unless a special need requires that they stay on.

Secure Your Computer

  • Password-protect your screen saver in high traffic or insecure areas and on mobile devices. When changing your password, make sure you change it everywhere you may have your credentials stored.
  • Close applications and log out when you're away from your computer for any length of time.
  • Install and maintain anti-virus and anti-malware software and update the definitions regularly. Scan all removable media for viruses before using them.
  • Keep systems updated with all of the current security patches. Where possible, turn on automatic updates to apply operating system security updates. When using images to support multiple systems, be sure the image is updated regularly with all applicable patches and virus definitions. Check regularly for updates to third party applications such as Adobe, Flash, Java, etc., or consider using an automated patching solution. Automatic updates offered by Windows and Macs do not always patch these applications.

Secure Your Data

  • Backup systems thoroughly and often, and store your backups in a separate secure location. When dealing with mission critical data, considering following the rule of 3-2-1. There should be 3 copies of data, on 2 different media, with 1 copy being off-site. UIT provides Tivoli Storage Manager, a free backup service for faculty and staff computers.
  • Do not save sensitive information to portable drives. Be sure to encrypt sensitive data wherever it is stored.

Secure Your Email

  • Verify the contents of any email attachment before opening and never open attachments from unknown persons.
  • Do not respond to any email requesting confidential information (username, password, social security number, etc.). Legitimate businesses will never ask for this information via email.
  • Delete messages that you no longer need - some common practices include emptying your trash and outgoing mail folders.
  • Report spam, or suspect messages to security@uh.edu.
  • Change your password at least once a month using the UIT strong password guidelines.

Tips for IT Administrators

  • Limit the use of administrator privileges. Restricting access rights in this way will help prevent the potential installation of malware and other unwanted software by unsuspecting users.
  • Keep systems updated with all of the current security patches. Where possible, turn on automatic updates to apply operating system security updates. When using images to support multiple systems, be sure the image is updated regularly with all applicable patches and virus definitions.
  • Delete all data from computers before they are sent to property management.
  • Enable computer firewalls. Mac and Windows computers come with built-in firewalls.
  • Ensure that all users complete Security Awareness Training.
  • Enforce policies to prevent the installation of unlicensed/unapproved software.