University of Oregon

Security Checklist

Audience
Faculty/Staff
Researcher
Student
GTF

Security Checklist

As students or employees of the University of Oregon, we are privileged to have access to a fast network.

Acceptable Use of Computing Resources
We are required to follow the university's acceptable use policy. Be sure you’ve read and understand the policy. Be aware of uses which are allowed and those that are prohibited. The policy is available at https://it.uoregon.edu/acceptable-use-policy.

Password Protection
Your password is your first line of defense. Use these guidelines to ensure your information is kept safe.

  • Choose a strong password (e.g., 8 to 14 characters with a mix of letters and characters that are hard to guess).
  • Do NOT use commonly used passwords like your birthdate, license plate, children’s names, etc. “U0duck$f*n” is an example of a strong password. (Please don't use this example).
  • Many of us use multiple passwords and often write them down. Make every effort to avoid doing this. If you must, keep your passwords in a secured location. Password safes like KeePass make this task easier.
  • Do not share your password with other users.
  • Do not save your password in web forms.
  • Passwords should be changed every six months for optimal security. Set a reminder on your computer calendar to do this. Visit http://duckid.uoregon.edu/ if you need to change your uoregon.edu password.

Every Day Computer Protection
If you work with sensitive information, take these steps to ensure passersby do not have access to your system.

  • Lock your screen when you leave your desk. In Microsoft Windows, “Windows Key, L” will do this.
  • Keep your portable devices (such as thumb drives) in a safe place.
  • Turn your computer screen to ensure it is not visible to others.
  • Turn off your computer at night. If this is not possible, be sure your screen is locked when you leave.
  • If applicable, close and lock your office and work area when you are not present.

Use software distributed via Duckware
The Technology Service Desk distributes software online via Duckware. This is a collection of software recommended by the University to assist with safe computing practices. For more information see Duckware.

Keep your System Updated
Systems that are not kept up to date are susceptible to attack. Accept automatic updates when you are prompted and shut your computer off at night. 

Use Safe Browsing Practices
Most of us use the internet. Usually, our computers have a default browser on them such as an older Internet Explorer or Safari version which can be susceptible to viruses.

  • Use a safe internet browser for general browsing such as Mozilla Firefox, instead. Windows and Macintosh users can download Mozilla Firefox at http://www.mozilla.com. Windows users can also use the latest version of Internet Explorer available at http://www.microsoft.com/windows/ie/downloads/default.mspx
  • Do not visit unfamiliar or suspicious websites. If you must visit them, do not type any personal information into them.

Avoid Spam
All of us receive plenty of spam and unfortunately, some of us are forced to allow emails into our computer from unknown sources because of our positions.

  • If you receive an email that you’re not sure of, check with your technical support staff before opening it. If you don’t have support staff, call (541) 346-4412 for assistance.
  • You can reduce the amount of spam you receive by checking your spam filtering settings. You can do this at Spam Filtering. There is additional information available on configuring your spam settings at Spam Filtering Configuration.

No Phishing
Phishing attacks try to lure you into giving away personal or financial information.

  • Never click on links in an email that appear to come from Ebay, PayPal or banking sites.
  • Make sure you are using the latest web browsers.
  • Consider using add-on phishing protection such as Netcraft Toolbar or Norton Confidential.
  • To report phishing abuse, visit: http://www.castlecops.com/pirt or http://phishtank.com.

Sensitive Information
Sensitive information ranges from human resource information, passwords, credit card information, personal identification numbers, to student information.

  • Avoid storing sensitive information on your computer if possible.
  • If you must store sensitive information on your computer, talk with your technical support staff about ways to ensure it is protected.

High Risk Minor Equipment
Beginning in July 2006, any computer (desktop, laptop or PDA) valued less than $5,000 must be registered in Banner for property management. To register your equipment, please contact Property Control Coordinator, Bob Swanson at: 346-3163. See http://baowww.uoregon.edu/PropertyControl/equipment.htm for more information.