New Policy Protects University System and All Computer Users
April 15, 2009
A new policy was recently implemented by UNH to increase the protection of information technology resources, information, and the privacy of everyone using computers on campus. Everyone must take an active role in addressing the increasing threats from malicious activity, malicious software, social engineering and other unauthorized exposure of restricted data.
Exposure to these threats results in difficulties for persons whose information was compromised, as well as financial, legal and public relations burdens for organizations where such exposure occurred. The access control policy is a University of New Hampshire System policy, but compliance is required and accomplished locally at each USNH institution. It becomes effective May 1.
Highlights of the policy include:
- All computer systems must have employee-specific passwords for access that comply with industry standards.
- Passwords must be changed at regular intervals.
- Employee-specific passwords shall be treated as sensitive, confidential information and shall not be shared. They shall not be stored on-line or written down unless adequately secured from unauthorized viewing.
- Computer users will take reasonable and appropriate measures to prevent access to systems by unauthorized persons.
- All data on computers or electronic storage devices (including but not limited to desktop, laptop, server, or handheld devices) shall be wiped clean of files and data prior to transfer or surplus.
- A Social Security Number (SSN) shall not be sent via e-mail unless encrypted or masked for all but the last four (or fewer) digits of the number.
View http://usnholpm.unh.edu/USY/VI.Prop/F.htm#5.7 to read the policy in its entirety. You will not be alone in implementing this policy. Computing and Information Services has been holding, and will continue to hold information sessions about the policy and minimum compliance standards at UNH, and training to help users learn to reset passwords, share information about current and future encryption options, screen savers, data wiping services, and accessing sensitive data from outside of UNH. Go to https://cistraining.unh.edu/ to register.
View http://cis.unh.edu/itsecurity for related information about information technology security and best practices. Please e-mail firstname.lastname@example.org with any questions or concerns.