This is a simple strategy that allows you to temporarily ‘lock’ your computer when you step away from your desk without having to shut it down.

• To use this method, you need to have an active User Account for your computer. Learn how to set up a User Account for Windows or Macintosh.
• If you share your computer, locking the screen does not prevent others from turning the computer off, restarting it, then logging in to their own accounts.

Learn how to ‘lock’ your Windows | Macintosh computer.

As an alternative to 'locking' your computer, you can set up your screen saver to prompt you for your User Account password once you resume your work.

• Macintosh users: locking the screen also locks your screen saver! You’re all set!
• Windows users: learn how to enable screen saver passwords.

Most Microsoft Office applications (e.g., Word, Excel) give you the option of creating passwords for individual documents. Use these passwords to restrict access to files that contain sensitive student information.

In Word and Excel, you can set up Passwords to Open (passwords required to open a file) or Passwords to Modify (passwords required to make changes to a file). Because simply viewing information related to a student's educational records breaches FERPA's confidentiality clause, we recommend that you use the Passwords to Open option.
Learn how to create Passwords to Open for Microsoft files.

Weak passwords make your computer vulnerable to various types of attacks. Password-guessing software has become more sophisticated, and many break passwords by ‘dictionary attacks’, trying every possible combination of characters. It is critical that you:

• Create passwords that meet the industry guidelines for strong passwords. Password Guidelines
• Never write down your password. Often people store their passwords on a post-it note next to their monitor. This is the easiest way to gain access to a computer. Store your passwords (or hints to the actual passwords) in a secure location, such as a locked drawer.
• Change your passwords periodically. Remember to change important passwords every 90 days or at least every semester. This will make your passwords less vulnerable to ‘dictionary attacks’.
• Always say 'No' if prompted to save a password. Some browsers offer to save your passwords. Get in the habit of always saying ‘No’.

Not all email services provide the same level of protection for your messages. When sharing student information with others:

• Do not use Instant Messenger or a commercial email account (e.g., Hotmail). These services may not use encryption, leaving your information vulnerable to being intercepted in transit.
• Use your UMail or departmental email address. These campus email services use the appropriate level of encryption to keep your information secure.
  Learn more about UMail | Departmental Email Addresses
• Beware of email viruses. Viruses transmitted via email can seriously compromise your compurter. Learn more

UDrive, OIT’s Web file storage system, offers a secure environment for sharing student data. UDrive’s Web interface allows you to access and share your files from on and off campus, using any computer with an Internet connection. Its multiple sharing options allow you to decide who gets access to your files, and the level of access they have (i.e., read, write, delete, administer).
Learn more about UDrive

If your department has a shared drive, check with your system administrator about how you could restrict access to certain files or folders. As a rule, use caution when saving student information on shared drives. Consider using UDrive instead (see below).

CDs, USB flash drives, or floppy disks are convenient, but certainly not secure. Because they can be easily lost or corrupted, we recommend that you avoid using them for work with student information. Consider using UDrive as a storage alternative.

UDrive provides a secure, encrypted storage space, ideal for sensitive information. Use UDrive to store any type of file, from word processing documents and spreadsheets, to Web sites and databases. UDrive’s Web interface allows you to access your files from any computer with an Internet connection, on or off campus.
Note: To access UDrive, you must have an OIT Account.
Learn more about UDrive
Learn more about OIT Accounts

Make sure that all your computing equipment (e.g., your laptop, desktop and any portable storage media) is stored in a secure location. This involves locking the appropriate office and storage unit doors, and placing hardware in locations where it cannot be easily removed.

A security cable will discourage anyone from walking away with your laptop. Consider getting one, especially if you do most of your work from your laptop. Laptop security cables are available at most computer retailers.

Once you’re done working with student information, close all windows, sign off all applications, and exit all files. Make sure to log out of SPIRE, too. This will ensure that confidential information is not readily available to by-standers, especially if your computer is located in a public area.

Turning off your computer is a simple, but effective data-protection strategy. If your computer is turned off, your files remain off-limits even if your machine is stolen or there is a network breach. Always remember to shut down your computer when you leave for the day.

Does your department have a shredder? Make sure you shred, not recycle the confidential documents you no longer need.

While you have spent a considerable amount of time securing your machine, this may not be the case with other public or shared computers, especially off-campus. We recommend that you limit your work in Internet cafés, public libraries, or on any computer that is not yours.