Best Practices for Information Security
Best Practice #1: Stay abreast of your security responsibilities
- Meet with your supervisor to review your responsibilities for information security and to identify the laws, policies, standards and practices that are relevant to your work at ECU.
- Consult the appropriate ECU compliance offices as needed on the proper handling of regulated data.
- Work with your supervisor to identify opportunities to develop the knowledge and skills you need to carry out your information security and compliance responsibilities.
Compliance and regulations | ECU policies | FERPA
HIPAA | IT policies | IT security training | Sensitive data | Sensitive data storage
Best Practice #2: Report Security Issues Promptly
- When you encounter a security issue or concern, promptly report it through the appropriate reporting channels.
- If you are unsure if an issue should be reported or to whom it should be reported, ask your supervisor for guidance.
Report a security incident
Best Practice #3: Use Mobile Devices Thoughtfully and Securely
- Do not store sensitive information on your smartphone or other mobile device without prior approval. Check with your supervisor on the approved uses of mobile devices for your work.
- If you store sensitive information on a mobile device, you must ensure the information is encrypted, password protected and transmitted only over secure networks.
- Immediately report a lost or stolen device to your supervisor and the IT help Desk.
Email encryption | AirWatch mobile device management
Best Practice #4: Remove ECU Data from devices before disposal or trade in
Identity Finder | Disk Sanitation policy
Best Practice #5: Use different passwords for ECU and personal accounts
- Use passwords for your ECU accounts that are different from those for your personal accounts.
- Select passphrases that are easier to remember, and just as secure as shorter, complex passwords.
- Do not share your password with others, even as a favor to a coworker.