Stolen information can result in identity theft and compromise. Unprotected information can be stolen from anywhere at any time. It can be taken when you least expect it. Sensitive information is not limited to just social security numbers or credit card numbers. It also includes student information and grades, human resource data, and private research data, as well as other types of information.
Accidental Exposure
Sensitive information can become public with a click of the mouse. Take a good look at the way you store and share sensitive information. It is spread everyday through minor human errors that can be easily prevented.
- Unnecessary records: Always know what personal information is required to complete any transaction. Never supply more than is necessary.
- Taking the easy way out: Never bypass security protocols for an easier way or an old habit. Future consequences can far outweigh the few seconds you may save.
- Improper handling: Everyone capable of accessing sensitive information should be made aware of its importance and be trained in handling it.
- Forgetfulness: Be aware of the location of any sensitive information at all times.
Safe Practices
Make sure you follow these security tips:
- Protect your data
- Avoid using an insecure wireless internet connection when accessing sensitive information over the web.
- Use the UChicago VPN (cVPN) when traveling and you need to access sensitive data on an unfamiliar internet connection.
- Log out of web applications when you are using a public or shared machine to access sensitive information. Remember to explicitly log out and exit the browser.
- Do not save passwords or data in web forms.Use encrypted thumb/flash drives for external mobile data storage.
- Protect your passwords
- Do not use your CNet password outside of the University.
- Use strong passwords, such as a password phrase and include at least three character sets (for example, xxXX123@#$).
- Do not share your password with anyone, including family members.
- Do not provide your password, credit card, or social security number in emails, especially emails that threaten to take away computer services or such from you if you do not provide this information.
- Use a password database, such as Password Safe, which is a free open-source product and can be used on multiple operating systems. Note: This application is not supported by IT Services.
- Protect your computer
- Rename your administrator account and set an administrator password that is strong. Be sure to use at least three character sets (for example, upper and lowercase letters, numbers, and symbols).
- Turn off the guest account when not needed.
- Turn on your computer's firewall.
- Run an antivirus application, such as CrowdStrike Falcon, which is offered for free to faculty, staff, and students.
For more information about safe computing practices, visit the Get Secure website.
Tools for Keeping Information Safe
IT Services offers two free services to help you keep sensitive information safe. For information about storing and sharing Microsoft Office files safely, see Keep High Risk Files Safe.
Box
When you need to share a file containing sensitive information, do not send the file via email. Instead, place it on one of the University's file shares such as: Tank, UChicago Google Workspace, or UChicago Box.
Note: Some departments have established alternative file sharing systems for their staff. Check with your department to find out whether such a system is in place for your department.
University Policies for Sensitive Information