Protecting networks, software applications, and data is a responsibility of every user while interacting with WVSOM information technology resources.
The key to protection of these IT resources is the proper utilization of usernames, accounts, and passwords. Passwords should not be “guessable” and should be changed frequently. When creating passwords the following rules should be applied:
- Passwords must be at least nine characters in length.
- Passwords may not contain your user name or any part of your full name.
Passwords must contain at least one uppercase letter, one lowercase letter, and one number.
For example, Ghrabc469 is a valid password.
Passwords should be committed to memory and should never be stored in close proximity or easy access to your computer system. If your system is left unattended, you should log out of applications and your account, or create a password protected screen saver. Electronic media, such as CDs, that are no longer used should be destroyed. Media that is still in use should be kept in a fire-resistant, locked cabinet. Before the Information Technology Department surpluses old equipment, hard drives are removed and drilled for security, or using a bootable media disk blank data is written to the hard drive. The department also maintains nightly backups of servers and file shares used by the institution. Any user information that is not backed up by the IT Department should be backed up to electronic media by the user. For students, backups are solely their responsibility. If a user is unsure of the proper backup procedures to follow, they should contact the IT Department for assistance.
Security measures should be extended to laptops, flash drives and other devices which can contain sensitive data that may not be on-site in a secured office. It is the user’s responsibility to guarantee that paper and electronic data is protected against unauthorized use, both on-site and off-site of the Lewisburg campus. This includes electronic files, emails, and all other records relating to students, employees, patients, alumni and donors.
Additionally, information technology resources are protected thru the appropriate operating system updates and insuring that computer systems have anti-virus protection software installed. For Faculty and Staff, the IT Department utilizes the WSUS (Windows Server Update Service) to deploy patches and updates to client machines. Users should always select to “Install updates and shut down” to automatically update their system when shutting down their systems. The IT Department also images machines with Symantec Endpoint Protection (SEP) to guard against viruses. Laptops provided to students are automatically installed with Microsoft Security Essentials for virus protection (www.microsoft.com/security_essentials). Students should also insure that Microsoft updates are applied to their laptops.
Users should also guard against Spyware, Adware, and MalWare when using information technology resources. Spyware is a stealth program that covertly collects information about a user and their system, subsequently sending it over the internet. Adware promotes unsolicited advertisements in pop-ups to users and can operate as spyware. Malware is malicious software that can be disguised as Adware or operate as Spyware that is intentionally trying to damage or disrupt a user’s system. In addition to using software to guard against such attacks (www.malwarebytes.org), user should follow these general guidelines:
- Avoid bad neighborhoods on the Internet. Web sites dealing in porn, illegal software, and gambling have a higher chance of containing bad software.
- Free software isn’t always free, it may have spyware attached.
- Don’t use peer-to-peer software. Their installers tend to include spyware and the software you download while on a P2P network may include spyware, viruses, and worms.
- Don’t open unsolicited e-mail. It may trigger a spyware infection!
- Tweak Internet Explorer’s Security Settings for more security.
- Be cautious when loading files from external media such as USB thumb drives.