Daily Office Cybersecurity and Data Protection Checklist

Maintaining office cybersecurity and data protection is a shared responsibility. Consistently following these practices helps safeguard our university’s data and protects against potential threats.

• Workstation Security
  • Lock Workstation: Always lock your computer screen when stepping away from your desk, even for short periods.
  • Password Protection: Ensure that all passwords are strong long (14 + characters), unique, and never shared. Use a password manager if necessary.
  • Software Updates: Check for and install any pending software updates, including operating system and antivirus definitions. (Usually this is automatic, and a restart occurs, if not, type in “update” into the search bar, and hit the button check for updates)
  • Logout of Systems: Log out of any university systems, applications, or websites at the end of the day.
  • Lock up your workstation if your computer is able to be locked up at the end of the day, lock it in a filing cabinet.
• Physical Security
  • Secure Workstation: Ensure that your workstation is organized, with no sensitive information left on the desk.
  • Lock Cabinets/Drawers: Store all sensitive documents in locked cabinets or drawers when not in use.
  • Badge Access: If badge access is used, ensure that your employee badge is used only by you and that it is not left unattended. Do not let other employees in the office with your badge.
• Email Security
  • Check for Phishing Emails: Be vigilant about phishing emails. Report any suspicious emails to the IT Security department immediately. There is a report message button on Outlook.
  • Avoid Clicking Unverified Links: Do not click on links or download attachments from unknown or unverified sources.
  • Encrypt Sensitive Emails: If you must send sensitive information via email, use encryption methods approved by the university.
• Data Handling
  • Encrypt Files: Ensure that any sensitive data stored on your computer is encrypted. Ask the IT department to help set this up.
  • Backup Data: Regularly back up important data to a secure location as per university guidelines.
  • Use University-Approved Storage: Store all university data on approved and secure cloud services or servers. Do not use personal devices or personal storage solutions.
• Network Security
  • Use Secure Wi-Fi: Always connect to the university’s secure Wi-Fi network. Avoid using public Wi-Fi for work-related tasks.
  • VPN Use: If working remotely, ensure that you are always connected to the university’s VPN.
  • Monitor Network Activity: Be aware of slowness or quirks on your devices and report any anomalies to IT.
• Device Security
  • Mobile Device Security: Ensure that mobile devices used for work are protected with a strong password, and university-approved security software is installed.
  • No Unauthorized Devices: Do not connect any unauthorized devices (like USB drives or personal gadgets) to the university network or computers.
  • Report Lost Devices: Immediately report any lost or stolen devices to the IT department to prevent unauthorized access to university data.
• Access Management
  • Review Access Permissions: Regularly review the access permissions of files and systems you are responsible for. Ensure only authorized personnel have access.
  • Two-Factor Authentication: Ensure two-factor authentication (2FA) is enabled for all critical systems and accounts.
  • End-of-Day Check: At the end of the day, verify that all systems are logged out, devices are secured, and no unauthorized individuals are in the office.
• Incident Reporting
  • Report Security Incidents: Immediately report any security incidents, suspicious activity, or data breaches to the IT department.
  • Record Unusual Activities: Maintain a log of any unusual activities or events that could impact cybersecurity, and share it with IT.
• Compliance and Training
  • Follow University Policies: Adhere to all university cybersecurity policies and guidelines.
  • Complete Training: Regularly complete any required cybersecurity training modules and stay informed of the latest security protocols.
• Clean Desk Policy
  • Clear Desk: At the end of the day, ensure your desk is clear of all papers, notes, and other materials that contain sensitive information.
  • Shred Documents: Dispose of any sensitive documents you no longer need by shredding them before discarding.

Policies

• Highly Sensitive Data Clean Desk and Clear Screen Policy
• Backup and Recovery Systems
• Data Security Incident Response
• Data Disposal | Search Policies and Handbooks
• Antivirus and Anti-Spyware Requirements and Virus Reporting

Keep your account safe, prevent scams, send safe email, and practice good device hygiene with the Cybersecurity Checklist.