NATIONAL CYBERSECURITY AWARENESS MONTH, PART 1: Workstation Security - 10/8/09
Being “cybersecure” starts with an individual’s commitment to keep his or her computer and its content safe from loss or misuse by outsiders.
Brad Peart, who oversees desktop computer support for Business Services Computing, has observed that the majority of employees in his area keep their workstations secure by following Business Services’ best practices – some of which may apply to other areas of the University as well. Despite adhering to best practices, occasionally even the most careful Business Services employees need a reminder about two areas of security: locking their workstations and scanning their hard drives.
Each time staff leave their desks, they need to lock their workstations. A simple keyboard command – “Windows logo key” plus “L” or “Ctrl+Alt+Delete” – will lock the computer and keep unauthorized people from possibly accessing sensitive or restricted data. Even information available through SAP may be at risk if a computer is left running while its assigned user steps away.
“Locking the computer is a good habit to acquire,” Peart said, “particularly since staff are responsible for what happens on their computer while they are logged on to it.”
Staff also are expected to scan their hard drive once a month to search for documents that have been unintentionally stored on their local hard drive or desktop. The operation is easy to perform and takes only minutes, but the results are important for maintaining good data security, according to the HR/Financial Zone. Instructions for “How to Scan Your Workstation for Potentially Sensitive Data” are available to HR/Financial Zone customers on the Human Resource/Financial Computing Zone Web site.
In addition, a June 25, 2007 memo from James S. Almond, vice president for Business Services and assistant treasurer, spells out his security expectations for Business Services employees. The list includes expectations regarding:
-- Storage of data
-- The intent and impact of Indiana’s Social Security breach and notification laws
-- Printing and electronically transmitting restricted and personally identifiable data
-- Executing a monthly scan of workstations
-- Creation and execution of queries or programs that include Social Security numbers
-- Personal use of computer
-- Locking the workstation when its user steps away
Business Services’ expectation is that employees use their work computers only in the performance of their jobs. As the Almond memo states, “Your computer should not be used to visit websites that are not required for Purdue business purposes.” Downloading computer games, Internet files and email attachments could make the computer vulnerable to a virus. In turn, the virus potentially could enter the University network.
Overall, employees do a good job in protecting their workstations, the HR/Financial Zone said, offering these additional reminders:
-- Employees must keep workstations secure by locking them when they are away from their desks.
-- Computers must be shut down each night. (Check with your area’s technical support teams for your area’s requirements.)
-- Do not store University data on the workstation hard drive, laptops, tablet PCs, CDs, floppy disks, BlackBerrys, or other external devices.
-- Store all University data on the servers. This will ensure the security of the data and proper backup procedures.
-- Do not store Purdue data on a home computer.
-- Delete temporary files. (This is being done automatically for HR/Financial Zone-supported PCs.)
-- Empty recycle bin daily.
For more information, visit the Workstation page of the Business Services Security Web site.
If an email seems suspicious, do not open it. More information about email scams and phishing is available on the Phishing Scams page of the SecurePurdue Web site. A game and a video, “The Duhs of Security,” are also available on that page.
For more information about workstation security, please contact Brad Peart, or visit the SecurePurdue Web site. The site also contains information about the activities planned this month in connection with the National Cybersecurity Awareness campaign.