Employee Guide to Information Security

Protecting UF Is Our Shared Responsibility

Come On In, Please Use the Technology

The Information Security Office (ISO) protects UF data and personal information from internal and external threats. The university has invested in state-of-the-art intrusion detection software and systems to protect its network and data, and employ information security staff to monitor the UF information systems environment 24/7. Still, the best defense against a security or data breach is an informed and involved community. “Information Security Begins With You!”

It’s A Fact

The number one reason for compromised accounts at UF is when faculty, staff, or a student opens and responds to a phishing email.

Phishing is when someone tries, via email, text, or phone call, to get your personal information by pretending to be a trustworthy company, government entity, or a UF department.

Remember: No one at UF will ever ask you for your GatorLink password or your Social Security Number!

If you are in doubt about an email or a phone call you to receive at work, check with the UF Computing Help Desk (352-392-4357/HELP, helpdesk@ufl.edu).

Learn more about phishing email…

Learn More about UF Information Security Policies

Mobile Computing and Storage Devices

All mobile devices (such as smartphones, laptops, and tablets) and storage devices (like USB flash drives or external hard drives) used for university business, regardless of ownership, must be compliant with University of Florida policies and standards. University business includes receiving and answering UF email, processing student assignments and grades, approving time, and research and teaching-related activities.

  • All mobile devices must be encrypted and have a strong password or PIN.
  • If a university-owned device is lost or stolen, it must be immediately reported to your local IT support group or to the UF Computing Help Desk.

Learn more about securing your mobile devices…

Know Your Data

You are responsible for the data you use, process, and store. Read the Data Classification Policy and Standard.

Patch, Patch, Patch

All software has bugs, many of which can allow criminals to exploit your computer to steal or damage data. When new bugs are discovered, software vendors release updates and patches. It is critical that software updates and patches are installed quickly to prevent security compromises.

  • If you use your own computer to do UF work (email, teaching, learning, research and administrative activities) you must install updates and patches as quickly as possible. Failure to do so could leave you responsible legally and financially for any breaches that occur. Learn about how to keep your computer up-to-date…
  • UF’s VPN service allows faculty and staff to securely “tunnel” into campus network and access services and files. Contact your IT support staff or ISM for assistance setting up a VPN connection. Learn more about UF’s VPN…

New Project or Grant? Purchasing Computers or Software?

If you’re purchasing a new computer system, service or software — even if funded by a grant or contract — please check with your Information Security Manager (ISM) or IT support unit before making the purchase. Many IT acquisitions must be evaluated with regards to security, privacy, and legal considerations as well as compatibility with existing UF systems. Not taking these steps can cause delays too — and extra costs for — your projects.

Software and tools that have already been evaluated by UF

UF Information Security Risk Assessment

Choose Strong Passwords

UF’s GatorLink system requires the use of strong passwords. Creating high-quality passwords can be tricky. More information and tips for creating strong passwords.

Laws & Regulations

Federal and state laws address how confidential information must be handled.

Violation of these laws and regulations could result in significant fines and penalties to UF, and possibly to the individual responsible for the violation.

There are multiple federal and state laws governing confidential information that impacts the University of Florida community:

Report Suspected Information Security Incidents

If you suspect an information security incident has occurred, even if you had a part in its cause, report it immediately to your ISM or to the UF Computing Help Desk. Signs that could indicate an information security incident include:

  • Your GatorLink password no longer works, and you did not institute a change. This could mean someone changed it without your knowledge, a possible result of a phishing incident.
  • Your files are suddenly deleted or corrupted, or new files unexpectedly appear.

Learn about other indicators of possible information security incidents…

Learn More

Security Alerts

The IT Alerts page is frequently updated with information about campus IT services as well as warnings about cyber scams and viruses. https://alerts.it.ufl.edu