You probably saw this in Ann's all-OIT email last week, but it's important and I wanted to repeat it here:
OIT’s senior management team has charged a committee from various areas across the department to address necessary OIT workstation security improvements. It is the senior management team’s position that OIT should be a leader in upholding University computer security standards.
OIT Security has identified several practices currently being used on OIT computers that could lead to security breaches:
- Use of secondary applications such as Flash, QuickTime, Acrobat, and Java that are not up-to-date with security patches are a leading contributor to computer infections.
- Excess old data files
- Unlocked and unattended workstations
- Machines routinely run with administrative privileges when not needed
- Non-encrypted laptops
- Excess personal use of University computers can lead to susceptibility from unsecured Web sites and malware
By becoming early adopters and leaders of responsible and secure computing practices at the University, OIT is positioned to set the example for the rest of the University. What can you as an individual do to help raise computer security awareness and keep University computers and data more secure? Here are just a few ways:
- Lock your computer when you leave your work area
- Delete your temporary and cached files
- Reduce the amount of private data stored on desktop and laptop computers
- Managers should make sure that all laptops in their areas are encrypted
- Reduce the time running your computer as administrator and other high-risk practices
In addition, the committee is working on plans to address these issues. Much of the work to be done as identified by the committee will be performed by FAST staff. FAST staff also will continue to encrypt Mac laptops, and plans to push more secondary application updates to Windows clients are being developed, as well. The plan is to have the identified issues significantly mitigated by March 15.
We need to realize that, as part of Operations and Infrastructure, we support the most critical components of the University enterprise: databases, production services, data center, systems administration, storage, backups, disaster recovery planning. As such, it is even more important for us to protect access to our systems. Please take a moment this week to review your security settings. In particular, set your screensaver to lock your screen if you are away. That way, your computer should be safe even if you forget to lock your screen or logout when you go to meetings.