Office of Educational Technology
Data Security
Become familiar with steps you can take and some resources available to you to protect your data from unauthorized access. Data security guidelines are discussed in detail on IT’s security site.
No matter what type of data we use, store, or manage for the University, it is valuable to us and others and it important that we safeguard it. Please note that in reviewing the following steps, policies vary among Colleges and if you have questions about this information, you should consult with OET for guidance.
When an Employee Leaves Your Unit or UD
Mail Accounts
Information Technologies (IT) will delete an employee’s mail account after he or she leaves the University, unless the employee retires from the University or graduated from the University after January 2011. In these two cases, the employee is entitled to keep only a Google email account.
Retired employees or graduates who leave the University may not have a Win Exchange account. Employees who plan to leave the University and who are on Win Exchange should open a ticket with OET two weeks before they leave by completing the technical support request form on OET’s website.
The Office of Educational Technology will arrange for the migration of Exchange mail to the employee’s Google email account, if relevant, or migrate mail to an external email account.
If an employee is not entitled to keep a Google email account, requests to continue a mail account for a specific length of time, for the purpose of sending an out of office message to notify others that an employee has left the University, need to be approved by Labor Relations and IT. Supervisors should complete the technical support request form on OET’s website to request to continue a mail account.
Computer and OET Network Access
Two weeks before an employee leaves, supervisors should contact OET by completing the technical support request form on OET’s website, with any directions regarding reconfiguring permissions to the employee’s files on the OET network or H: drive. Supervisors may want other employees to assume that person’s duties and access the files they use.
Supervisors should also request that OET wipes any device that the employee used of all data. This includes removing any local or machine-specific account for the employee. All devices, including USB drives, tablets, and laptops, will return to the unit.
Employees should contact OET by completing the technical support request form on OET’s website two weeks in advance of their last day, if they need to back up their files, on device(s) or the network, for their use and are unfamiliar with how to do that.
Following the employee’s last day of employment and with notice from either the employee’s supervisor or the CEHD Dean’s office, OET will disable the employee’s OET user account. Additional IT-related exit tasks are listed in our computer security and service policy.
Steps to Secure Your Device
Strong Passwords
Passwords should be hard for others to guess, not based on dictionary words, and yet memorable for you. Passwords should be strong in that they should be longer in length and have different characters than your standard lower case letters.
Once you have your password in place, it is important never to share your password. If you need to access a specific resource, consult with your supervisor and OET to determine how you can or if you should access the resource, using your UDelNet ID credentials or your University user name and password.
If you manage different web services for your unit, password creation can become difficult. Although some sites offer to streamline the login process by offering you to use your Twitter, Facebook, or Google account to sign into their site, never use credentials from these accounts. Instead, use a different user name and password for each service. If you use different passwords, it prevents access to more sites, if one site that you use is compromised. If hackers obtain your account information from that one compromised site, they could use the same information to try to obtain your data on other popular sites.
Password checkers – Check if your password is strong enough. Don’t ever revel your actual password, even in the password checkers. Test with a similar password:
Password Generators – If you are stumped for a password, consider using a password generator; however, tweak the password you choose slightly so that you don’t use the actual generated password character for character. Passwords generated by password generators may be more difficult to remember:
Software Updates and Antivirus
Another way to secure data is to apply software updates and use antivirus software. At the University, we have several security software titles available to us. Check for the latest antivirus and security solutions on UDeploy. Your laptop and desktop computers should have antivirus software installed to protect against malware that could allow for unwanted access to your data.
Identity Finder
Identity Finder will search for Personally Identifiable Information (PII) in the form of social security numbers, credit card numbers, and passwords. It takes a while, sometimes several days depending on the data on your computer, to run a complete scan so plan on leaving your computer on for a while. Identity Finder is available on UDeploy and is licensed for installation on faculty, staff, and UD-owned computers.
Malwarebytes
If you find that your computer is slowing or acting out of the ordinary, you could install a product called Malwarebytes to scan your computer for malware. Be sure to download the free trial version. Malwarebytes searches for known exploits and attempts to remove them. Depending on the exploit though, it is sometimes not possible to completely remove the exploit with Malwarebytes. Contact OET, if your device behaves irregularly, or if you suspect your device has malware.
Encryption software
- For Windows machines, the University of Delaware recommends AESCrypt which is available through UDeploy.
- For Macintosh computers, IT recommends the native Mac encryption or AES Crypt. If you want to use AES Crypt on a Mac, contact Consult for further guidance.
Be Aware of Questionable Email
Be suspicious of email if it conveys a sense of urgency, has misspellings, or poor grammar. Never enter your UD credentials in response to a suspicious email called a phish. Never follow links in suspicious emails. Be careful in opening attachments that you were not expecting. If you are unsure, contact OET.
Take a Bite Out of Phish from IT defines phishing and lists resources.
Lock your Device
To protect data, we not only have to look at electronic access but physical access as well. An easy step to take is to lock your device–whether your device is a phone, tablet, laptop or desktop–when you step away from it.
You can prevent unauthorized access by setting a screen lock to run after a certain number of minutes or you can manually lock your screen when you walk away from your computer.
- Window 10 – Press and sequentially hold down Cntrl-Alt-Del keys and select Lock this computer from the list of options.
- Macintosh – Press and sequentially hold down the Control-shift-and power keys
- iPad – set a passcode for added security and press the sleep/wake button
- Android – configure in settings – You will need to choose to lock with a slide, PIN, face lock, or password.
On a related note, if you use an external hard drive or USB, lock your drives in a filing cabinet or your desk when not using them.
Travel
Whether we travel to another country or down the street to a coffee shop, it is important to safeguard our data. One way to do this is to use the UD VPN when not on campus. Also, avoid logging into webpages, whether it is with your computer or a public computer, with your UD or other credentials when you are on a new or public wireless network. Chances are you won’t know who set up public networks and who is monitoring them. If you log onto an insecure network and go to your bank’s site or a UD page that requires credentials, someone could potentially see those credentials and take your password.
Another precaution is to take only the data that you need with you when you travel. In case your device is unintentionally accessed, misplaced, or stolen, then you will know what data was taken.
Loss Prevention
If the unthinkable happens and a device is misplaced or stolen, contact OET. We use inventory apps to manage devices and may be able to wipe data from the device that was lost. In addition, there is software available that can help track the device, if it is installed beforehand. This software needs Internet access to track the device.
- Find my iPhone is available for iOS devices, iPad and iPhone, and also Macintosh computers. In the latest Mac operating system it is integrated with the iCloud panel.
- Prey runs on Windows, Apple, Linux, Android, and iOS devices.
Secure UD Training
Secure UD Training is available for UD faculty and staff to learn more about data security.