Employee Guide to Information Security
Protecting UF Is Our Shared Responsibility
Come On In, Please Use the Technology
The Information Security Office (ISO) protects UF data and personal information from internal and external threats. The university has invested in state-of-the-art intrusion detection software and systems to protect its network and data, and employ information security staff to monitor the UF information systems environment 24/7. Still, the best defense against a security or data breach is an informed and involved community. “Information Security Begins With You!”
It’s A Fact
The number one reason for compromised accounts at UF is when faculty, staff, or a student opens and responds to a phishing email.
Phishing is when someone tries, via email, text, or phone call, to get your personal information by pretending to be a trustworthy company, government entity, or a UF department.
Remember: No one at UF will ever ask you for your GatorLink password or your Social Security Number!
If you are in doubt about an email or a phone call you receive at work, check with the UF Computing Help Desk (352-392-4357/HELP, firstname.lastname@example.org).
Learn More about UF Information Security Policies
- UF Information Security Policies and Standards
- Policies and Standards that apply to UF Healthcare components
All mobile devices (such as smartphones, laptops, and tablets) and storage devices (like USB flash drives or external hard drives) used for university business, regardless of ownership, must be compliant with University of Florida policies and standards. University business includes receiving and answering UF email, processing student assignments and grades, approving time, and research and teaching-related activities.
- All mobile devices must be encrypted and have a strong password or PIN.
- If a university-owned device is lost or stolen, it must be immediately reported to your local IT support group or to the UF Computing Help Desk.
Know Your Data
You are responsible for the data you use, process, and store. Read the Data Classification Policy and Standard.
Patch, Patch, Patch
All software has bugs, many of which can allow criminals to exploit your computer to steal or damage data. When new bugs are discovered, software vendors release updates and patches. It is critical that software updates and patches are installed quickly to prevent security compromises.
- If you use your own computer to do UF work (email, teaching, learning, research and administrative activities) you must install updates and patches as quickly as possible. Failure to do so could leave you responsible legally and financially for any breaches that occur. Learn about how to keep your computer up-to-date…
- UF’s VPN service allows faculty and staff to securely “tunnel” in to campus network and access services and files. Contact your IT support staff or ISM for assistance setting up a VPN connection. Learn more about UF’s VPN…
New Project or Grant? Purchasing Computers or Software?
If you’re purchasing a new computer system, service or software — even if funded by a grant or contract — please check with your Information Security Manager (ISM) or IT support unit before making the purchase. Many IT acquisitions must be evaluated with regards to security, privacy, and legal considerations as well as compatibility with existing UF systems. Not taking these steps can cause delays to — and extra costs for — your projects.
Choose Strong Passwords
UF’s GatorLink system requires the use of strong passwords. Creating high-quality passwords can be tricky. More information and tips for creating strong passwords.
Laws & Regulations
Violation of these laws and regulations could result in significant fines and penalties to UF, and possibly to the individual responsible for the violation.
There are multiple federal and state laws governing confidential information that impacts the University of Florida community:
- Florida Information Protection Act (FIPA)
- Family Educational Rights and Privacy Act (FERPA)
- Health Insurance Portability and Accountability Act (HIPAA)
Report Suspected Information Security Incidents
If you suspect an information security incident has occurred, even if you had part in its cause, report it immediately to your ISM or to the UF Computing Help Desk. Signs that could indicate an information security incident include:
- Your GatorLink password no longer works, and you did not institute a change. This could mean someone changed it without your knowledge, a possible result of a phishing incident.
- Your files are suddenly deleted or corrupted, or new files unexpectedly appear.
The IT Alerts page is frequently updated with information about campus IT services as well as warnings about cyber scams and viruses. https://alerts.it.ufl.edu
Free Cyber Self Defense Class
UF’s Information Security Office offers a two-hour workshop several times each year. The workshop is designed to raise awareness on topics including safe web browsing, preventing malware infections, recognizing phishing scams, and more. The workshop is part of UF’s HR Training & Organizational Development schedule. Register via myTraining.