//Security Do’s and Don’ts
Security Do’s and Don’ts2018-03-16T11:25:36-04:00

The DO’s and DON’Ts of Cyber Security

Cyber security is the shared responsibility of every university employee. YOU play a key role in properly safeguarding and using private, sensitive information. The following do’s and don’ts help remind us all of actions we must take to remain vigilant.

DO’s

01

DO use hard-to-guess passwords or passphrases. A password should have a minimum of 10 characters using uppercase letters, lowercase letters, numbers and special characters. To make it easy for you to remember but hard for an attacker to guess, create an acronym. For example, pick a phrase that is meaningful to you, such as “My son’s birthday is 12 December, 2004.” To use that phrase as your guide, you might use Msbi12/Dec,4 for your password.

02

DO use different passwords for different accounts. If one password gets hacked, your other accounts are not compromised.

03

DO use privacy settings on social media sites to restrict access to your personal information.

04

DO pay attention to phishing traps in email and watch for signs of a scam.

05

DO destroy information properly when it is no longer needed. Place paper in designated confidential destruction bins throughout the office or use a crosscut shredder. For all electronic storage media, consult with IT.

06

DO be aware of your surroundings when printing, copying, faxing or discussing sensitive information. Pick up information from printers, copiers or faxes in a timely manner.

07

DO lock your computer and mobile phone when not in use. This protects data from unauthorized access and use.

08

DO remember that wireless is inherently insecure. Avoid using public Wi-Fi hotspots. When you must, use LIU provided virtual private network software to protect the data and the device.

09

DO familiarize yourself with your responsibilities under university policy in regards to acceptable use of IT resources. Review and follow security policies and related standards.

10

DO report all suspicious activity and cyber incidents to IT. Challenge strangers whom you may encounter in the office. Keep all areas containing sensitive information physically secured, and allow access by authorized individuals only. Part of your job is making sure university data is properly safeguarded and is not damaged, lost or stolen.

DONT’s

01

DON’T leave sensitive information lying around the office.

02

DON’T leave printouts or portable media containing private information on your desk. Lock them in a drawer to reduce the risk of unauthorized disclosure.

03

DON’T post any private or sensitive information, such as credit card numbers, passwords or other private information, on public sites, including social media sites.
DON’T send it through email unless authorized to do so.

04

DON’T open mail or attachments from an untrusted source. If you receive a suspicious email, the best thing to do is to delete the message, and report it to IT.

05

DON’T click on links from an unknown or untrusted source. Cyber attackers often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.

06

DON’T be tricked into giving away confidential information. It’s easy for an unauthorized person to call and pretend to be an employee or business partner. DON’T respond to phone calls or emails requesting confidential data.

07

DON’T install unauthorized programs on your work computer. Malicious applications often pose as legitimate software. Contact your IT support staff to verify if an application may be installed.

08

DON’T plug in portable devices without permission from your department management. These devices may be compromised with code just waiting to launch as soon as you plug them into a computer.

09

DON’T leave devices unattended. Keep all mobile devices, such as laptops and cell phones physically secured. If a device is lost or stolen, report it immediately to IT.

10

DON’T leave wireless or Bluetooth turned on when not in use. Only do so when planning to use and only in a safe environment.

At Long Island University, do not send sensitive data via email unless it is the following:

  • It is required by your role within the university
  • You’ve been issued appropriate storage solution for more secure alternatives by IT for larger data size
  • Do not use email to transmit sensitive information unless you are utilizing an IT approved method of securing the email.

 

Security measures are active in LIU email along with all other LIU information systems, so if you encounter any automated alert/message for which you have a question or need help to navigate through in order to complete your work duties, please contact your local campus IT office for further assistance.

Employees interested in obtaining information/trainings about handling sensitive data, and any other personnel-related topic pertinent to employment at LIU, are encouraged to contact LIU’s University Human Resources Office.

For LIU’s policies concerning sensitive data, see https://it.liu.edu/about-us/it-policies/