A significant amount of money is spent each year on computer equipment. Departments rely heavily on information created, processed and stored on computers. To protect this equipment and information, the following items should be considered:
- Physical access to computers and disks should be limited as much as possible to protect against accidental damage and theft.
- Logical access should be limited to those users who need access to perform job responsibilities.
- Sufficient access controls, such as passwords, should be in place to ensure that employees using a computer are able to maintain the security of the information. Passwords should be at least 6 alphanumeric characters. They should be changed on a periodic basis or when a user leaves the department. See Suggestions for Password Security for further information.
- Computers that are logged on should not be left unattended.
- BIOS passwords (start-up passwords that enable a computer to boot up), screensavers with passwords, and locking your computer or workstation when you are away from it are all great ways to prevent and deter unauthorized access to your computer or workstation.
- The department should back up critical files on a regular and timely basis. The back-up disks or tapes should be housed off-site. Contact the Office of Information Technology for additional information on daily backups of computer workstations.
- For continuity of operations, departments should document the computer processes and logic of critical functions, such as databases or worksheets.
- Unauthorized copying, storage or use of any software in violation of the software licensing agreement should be prohibited.
- To help guard against viruses, virus protection software should be continually used and updated weekly. The software is available through the Office of Information Technology. Also, software should not be obtained from unknown or unreliable sources.
- Always use caution when opening email attachments. Attachments are a favorite mechanism for transmitting viruses. If an attachment has the extension .exe, .scr, .pif, .vbs, .bat, .zip, or a double extension such as .txt.doc, it is most likely a virus.
- Always remember that any confidential information (HIPAA, FERPA, GLB, etc.) is subject to additional security regulations.
Departments with minicomputers or networks should identify a system administrator to coordinate these security considerations.
Decisions about the level of security should consider the value of the data being processed, the expense related to securing it, and the potential loss (both effort and dollars) if a security measure is not implemented.