Faculty information security guide
Good security practices are vital for protecting your work and privacy, as well as the work and privacy of your colleagues. This summary identifies key practices, and lists resources and services available to you as a UC Davis faculty member.
Find a digital copy of this guide, with hotlinks, at iet.ucdavis.edu/security/facultyguide
If you have questions, please contact the UC Davis Information Security Office (ISO) at email@example.com or your department’s Unit Information Security Lead (discussed in IS-3, below): see directory of Security Leads at https://iet.ucdavis.edu/unit-iso-partners
IS-3 is the University of California’s Information Security policy. It applies to UC faculty and staff, sets standards, acknowledges the complexity of protecting digital assets in the UC, takes a flexible approach to compliance, offers help meeting its goals, and assigns different roles to people depending on their jobs. Read more at https://security.ucop.edu/policies
- Use current versions of your software and apps. Update them regularly.
- Back up data. UC Davis offers Crashplan. See https://itcatalog.ucdavis.edu/service/crashplan
- Encrypt your data. Work with your local IT support to ensure that your mobile devices, laptops, and phones are encrypted.
- Use multi-factor authentication to protect your accounts. UC Davis uses Duo; see https://itcatalog.ucdavis.edu/service/duo-multi-factor-authentication
Store, discard, and handle sensitive information safely
- Store sensitive data in secure locations, whether digital or physical. Lock up printed material.
- Safely delete or discard information you no longer need. Shred documents that have sensitive or personal information before discarding them.
- Public wi-fi networks are less secure than private networks. When handling sensitive information, use a virtual private network (VPN). The UC Davis Library has a VPN: see https://www.library.ucdavis.edu/service/connect-from-off-campus/
Support for research
UC Davis can help you protect your research and meet the security requirements of granting agencies. Examples:
- The Sponsored Programs Office, https://research.ucdavis.edu/contact-us/sponsored-programs, can help you meet security needs for grants.
- Information and Educational Technology can help you develop a secure research computing environment with AWS (Amazon Web Services) that meets NIST 800-171 guidelines.
To discuss research security needs, email firstname.lastname@example.org with “Research Support” in the subject line.
- Before traveling, see https://globalaffairs.ucdavis.edu/travel
- Do not expect privacy, especially when crossing national borders, even when returning to the United States. Some nations, including the USA, severely restrict data that can travel to those nations.
- Do not use public wireless networks.
- Using a virtual private network (VPN) will improve security, but still might not be secure enough for sensitive information, depending on your location. Ask your home department for guidance, or consider using the UC Davis Library VPN: https://www.library.ucdavis.edu/service/connect-from-off-campus/
- Look into getting a secure, personal, wi-fi hotspot device—a cellular device used exclusively for data. Talk with your department’s IT support.
- Never enter your credentials into a public computer, such as one at a hotel business center or internet café. Public computers are not safe.
- Consider printing your multi-factor authentication Duo codes as a backup in case you lose your multi-factor device. See http://kb.ucdavis.edu/?id=3833
Always watch out for:
- Phishing. Be skeptical when you receive a message that is unexpected, urgent, and/or seeks money or personal data. If you think the message is legitimate, independently verify it with the person who (supposedly) sent it to you.
- Ransomware. This happens when a hacker locks your information until you pay a ransom. To forestall a potential loss, back up your files in a location that an attacker could not access.
- Exercise caution when opening attachments encountered via email, in chat rooms, and on social networking sites. Such attachments might carry malware.
- Exercise caution when using person-to-person file-sharing applications. Be sure they are secure.
- If you suspect your account, computer, or other digital resource has been compromised, please contact IT Express (email@example.com) and firstname.lastname@example.org. See http://kb.ucdavis.edu/?id=2882
UC Davis resources/services
- Safe procurement. When you procure services or software from a vendor for the first time, find out whether the vendor has good security practices. Consult your department’s IT support. You can also request a vendor risk assessment via https://itriskmanager.saiglobal.com/ucdavisgrc/
- Data sensitivity guide. This work in progress, at https://cloud.ucdavis.edu/data-types-list, defines different types of data, and offers general ideas on where you can (or should not) safely store that data.
- General information resources:
  - The UC Davis IT Service Catalog lists tech-related services: itcatalog.ucdavis.edu
  - The Knowledge Base has information and directions on how to use various technologies at UC Davis: kb.ucdavis.edu