Information Security Awareness Training:
Reminders for Computer Users
Protect confidential information, including all patient information.
There's no excuse for being lax, when it comes to "good computing practices."
|Your Account is Only As Secure As Its Password
- Don't let others watch you log in.
- At home change your password often.
- Don't write your password on a post-it note.
- Don't attach it to your video monitor or under the keyboard.
UCSDHC / UCSDHS Password Standard
- It can't be obvious or exist in a dictionary.
- Every word in a dictionary can be tried within minutes.
- Don't use a password that has any obvious significance to you.
- Eight character minimum and should contain at least one of each of the following characters:
- Uppercase letters (A-Z)
- Lowercase letters (a-z)
- Numbers (0-9)
- Punctuation marks (!@#$%^&*()_+=-)
- Some systems have limitations
- Password Construction
Password Construction: Vanity Plate
- Pick a sentence that reminds you of the password. For example:
- If my car makes it through 2 semesters, I'll be lucky: imcmit2s,lbl
- Only Bill Gates could afford this $70.00 textbook: oBGcat#7t
- Just what I need, another dumb thing to remember!: Jw1n,adttr!
Password Construction: Compound Words
- I feel great: if33lgr8!
- Dance of the red shoes: RED,$hoes$
- Dolphins Fan: d0lf1n'sfan
Take Precautions with Physical Security of Devices
Back-up Important/Original Data Files & Programs
- Used every day and are easy to remember.
- Spice them up with numbers /special characters.
- Mis-spell one or both of the words and you'll get a great password.
- Friendship: Fr13nd+sh1p
- Lifelong: L!f3l0ng
- Teddybear: T3ddy^Bare
Report Security Incidents/Breach
- When possible, save all work to the network drive
- If you store original data on local drives/laptops, you are responsible for creating back-up disks
- Store back-up disks off-site and in a secure location protected from theft and environmental risks
- Password protect or encrypt the back-up disk
- Such as: Lost or stolen computer; network hacked
- UCSD Hot Line: 1-877-319-0265
- Campus Security: email@example.com
|Should You Open the E-mail Attachment?
When sending confidential information by E-mail
- If it's suspicious, don't open or reply to it! Delete it!
- What is suspicious?
- Not work-related
- Attachments not expected
- Attachments with a suspicious file extension(*.exe, *.vbs, *.bin, *.com, *.scr,*.pif)
- Web link
- Unusual topic lines; "Your car?" "Oh! Nice Pic!" "Family Update!" "Very Funny!"
Anything done under your log-in is your responsibility!
- Confirm the recipient's address
- Use the confidential message footer
- Encrypt it , if possible
Protect against viruses and worms
- Log off when you leave a workstation
- Do not share log-ins, User IDs or your password
- IS support staff can help when there is a problem logging in. Call 3-HELP!'Don't log in for others' use
- Use auto log-off (@ 15-minutes) and password protected screen-savers when possible
- Access only the "minimum necessary" information needed to do your job.
Encrypt files on portable devices
- Use a virus scanner and keep it updated
- Use a firewall when connecting to the internet
- Don't install unlicensed software
- Don't install something you are not sure of
- Be careful about what internet sites you visit
Wipe drives before getting rid of computer equipment
- Laptops, PDAs, memory sticks.
- Laptop theft is our #1 risk!
- Use the encryption capabilities built into your operating system or buy an encryption program.
- Back-up original data files / programs.
- Better yet, avoid keeping ePHI and other confidential information on your portable device, memory cards or PDAs if at all possible.
- Simple erasure is not enough. Degauss the device.
- Contact IS before recycling unneeded computers, or use "DiskWipe" software.
Questions? Call the UCSDHC Information Security Help Desk (619-543-7474) or (3-HELP).
Section 'Sub' Navigation:
Page 'Breadcrumb' Navigation: