Skip to main content
Union University

Information security

  1. Home
  2. Academics
  3. IT
  4. Secure

Information Security Awareness

IT is committed to teaching the University community how to secure our information assets.

 

Password security

Keep your password private. Never share it with anyone. Sharing your password violates the University's Acceptable Usage Policy.

  • Create your password using at least three of these four categories of characters:
    • Uppercase letters (A-Z)
    • Lowercase letters (a-z)
    • Digits (0-9)
    • Special characters ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? . /
  • Your password must be unique, meaning you cannot re-use a University password you used before.
  • Your password cannot contain spaces.
  • Your password cannot contain your name or account name in any combination of uppercase or lowercase letters.
  • Your password should be at least 8 characters long. A long password is more secure than a short password.


Change your password now at password.uu.edu

 

Social engineering

It's generally easier for a criminal to get private information from a person than from hacking into a system. This can occur through a malicious (but innocent-looking) email or an unsolicited call from someone asking for private information. Be wary! Slow down, especially when the person wants you to act quickly. Research the facts, independently verifying the contact and the request. Hover over web links so that the true address will be displayed at the bottom of the page. Watch for links that appear legitimate but are not - walmart.com vs. walmartstore.com - irs.gov vs irs.com

 

Phishing

Did you receive a suspicious-looking message sent to your university email? Wondering what to do? Did you open the link or attachment? Are you worried you'll get hacked and have your work or personal data compromised?

If you receive an email message that you're not quite sure is safe or legitimate...

  • Forward it from your university email account to phishing@uu.edu to alert IT.
  • You'll receive an auto-confirmation email from "Phishing (Do Not Reply)."
  • If any further steps are necessary, IT will contact you through the normal IT Help system.

Learn more in this excellent article that explains...

  • what to do if you've been phished (e.g., change your password using a different device)
  • how to decide if an email is legitimate
  • various kinds of phishing - smishing, vishing, pharming, etc.

You also need to watch for email hacking, even if you're cautious about phishing. Learn more at LastPass.com about these hacking signs and what to do.

  • your password has been changed
  • you see strange emails in your Sent folder
  • you have unexpected password-reset emails
  • you're getting complaints from your contacts.
 

Regulations

The University complies with federal law that regulates the security, confidentiality, and integrity of private information. Failure to comply with these regulations can can result in loss of federal financial aid for students, as well as penalties and fines for the institution and individual violators.

 

Policies

 

Mobile device security

Smartphones, tablets, and laptops are great for their mobility and convenient access to your information. That convenience comes as a cost, if it's lost or stolen. Follow these tips to keep your information (and the University's information) secure.

Enable use authentication. Turn on the screen-lock feature, with the PIN-based auto-lock timer set as low as you feel is reasonable.

Keep your operating system (OS) updated. Whether you're on a Windows PC, a Mac with OS X, an iOS-based iPhone or iPad, or an Android smartphone or tablet, stay current with the free updates that Microsoft, Apple, and Google release frequently. They often contain security patches for newly-discovered flaws in security. Restart your device, so that the updates will be completely installed and active.

Avoid public Wi-Fi. Unsecured wireless internet access is tempting to use, which makes a common target for hackers. It's relatively simple for anyone to monitor wireless network communications for credit card numbers, bank account numbers, passwords, and more. If you must use unsecured wi-fi, avoid purchases and sharing private information until when you're on a secure network.

Use a password manager. The more passwords you have and the more secure you make them, the harder they are to remember.

Password managers like LastPass and Dashlane serve as secure, centralized storage for your passwords. Making sure that only you know the password for your password manager is your master key to all your private information.

Enable multi-factor authentication (MFA). MFA adds a layer of security beyond a password. It requires you to verify your sign-in, using a different method or different device. Learn more about MFA at Union in the January 2020 Security TechBrief below.

Enable options to lock your device remotely and to wipe its data. If you can't find your device with its remote-location services (be sure that's on, too!), you can protect your information or even erase it when you believe the device has been stolen or is unrecoverable.

 

Physical information security

Information security includes protection of printed information. Keep paper documents with private information locked up in a filing cabinet or office when not in use. If a document should be shredded, do it yourself with a crosscut shredder. If that's not possible, be sure that the shredding bin is secure and that you can trust the employee/service responsible for shredding.

 

HR's Health & Benefit Fairs - Security resources

IT annually promotes information security as a participant in Human Resources' Health & Benefits Fair. Here are useful resources from the 2018 event.