Donuts Have Holes, Information Security Should Not!

October 01, 2019

donut.pngBy becoming aware of possible threats and vulnerabilities, you help to protect UCSC as well as yourself. Stay secure and evade cybercrime and common threats by securing your devices. Employees and students can use ITS services to plug information security holes where available.

Donuts have holes, but information security should not! Here are five ways to plug possible vulnerabilities  and to help secure your digital life. 

twitter image

1. Physically protect your computer from theft:

  • Hackers are not the only threat causing computers to get breached – physical safety is just as important as cyber security. Computers are stolen all the time!
  • Use a cable lock up and don’t leave your laptop unattended in the library, office or car.

 2. Password protect your device

  • Protect all devices with strong passwords. Use a password manager, and maintain unique passwords for each account.
  • Set up your screensaver with a password that activates after 15 minutes of inactivity and manually lock the device before leaving it unattended.

 3. Use Eduroam:

  • Eduroam is a free encrypted wireless service at UCSC that allows students, faculty, staff, and visitors from other participating institutions, to connect securely to the Internet.
  • Set up your computer and mobile devices to use Eduroam 

 4. Use Campus Virtual Private Network (VPN):

  • Campus VPN is a free service that enables a secure connection to the UCSC network from off campus. VPN encrypts your data against potential intruders.
  • Set up all computers and mobile devices to use Campus VPN and connect when you are located off campus.

 5. Use anti-malware:

  • Install anti-malware software on your computer to protect against malicious software. This software will scan your computer and alert you on harmful software.
  • Devices enrolled in Managed Computer Services automatically receive anti-malware. UCSC also offers free anti-malware software for faculty, staff and students. 

For more information on how you can make secure choices, visit https://its.ucsc.edu/security/stay-secure.html 


Policy Wonk Section

Minimum Security Standard

These requirements apply to all workforce members and all devices, university or personally owned, when the device connects to a UC network or access UC information.

  • Devices must be physically secured.
  • Devices are secured with a strong password.
  • Devices use lockout/screen-lock mechanisms or session timeout to block access after 15 minutes of inactivity.
  • Anti-malware software installed and up-to-date.

If you check your work email from your personal mobile device, these requirements apply to you.

UC IS-3 Electronic Information Policy

Section 10: Encryption requirements 

  • Units must encrypt Institutional Information classified at Protection Level 3 (P3) or higher when transmitted over a network.
Student data and personnel records are classified as P3.  If you work with this type of data, Eduroam and Campus VPN help you meet this requirement.