Information Security at CityU
City University uses a defense-in-depth approach to protect information stored on its systems, including the use of electronic systems and security processes. The most important component of our security strategy is people. Without cooperation and diligence on the part of students, staff and faculty it is impossible to provide complete security.
Students, staff and faculty do their part to increase information security by:
- Being cognizant of the importance of information security, of the risks of leaving sensitive information and systems exposed, and of the requirements for information security under CityU policy, the Family Education Rights and Privacy Act (FERPA), and other laws and regulations.
- Ensuring that use of City University systems is within policy guidelines, that active computers and terminals are not left logged in and unsecured, and sensitive materials are not left in the open.
- Installing and maintaining passwords, firewalls and virus protection on all personal devices including computers, phones, tablets, etc. which are used to access City University systems and accounts.
- Using strong passwords for CityU accounts and don’t share those passwords with others.
- Immediately report security breaches and suspected security issues.
Information Security Tips for Students & Faculty
- Choose a good password and keep it secure. A good password:
- Is at least 8 characters, but 16 or more is better.
- Does not use words from a dictionary.
- Does not use personal information like your name, your kids’ names, birthdates, anniversaries, house numbers, hobbies, or, if you are a golfer, the word “bogey”.
- Mixes upper-case, lower-case, numbers and symbols.
- Is something you can remember with a rhyme, a phrase, or other memory aid, but is meaningless to anyone else.
- Is not written on a little yellow sticky next to your monitor.
- Is never shared.
- Is used on only one account. If you do share accounts, make sure that your most important accounts – banks, school, etc. – each have their own password.
- Is never stored on the computer. If the browser offers to remember it, tell the browser no!
- Is never given to someone claiming to be tech support.
- Close the browser after you use a secured site. This erases information stored in memory for the browser and makes sure that an evil application at the next website can’t steal it.
- Always log off of a computer after you are done.
- Never follow links in emails, on social media sites, or other places where you are not absolutely sure that the link is really from someone you trust.
- Make sure your downloads are from reputable people on sites. Check the site and person’s reputation. Know what others have said. Remember free things often include free viruses, worms and other evil ware.
- Be aware of signs that your computer may be infected. Common signs include:
- Erratic mouse movements, jumping around, slow to respond, moves by itself.
- Slow system performance. Especially suddenly declining performance.
- The disk spends a lot of time spinning and making noise.
- Random windows pop up on your screen, often briefly.
- Your anti-virus software is turned off and you didn’t do it.
- Files and directories you didn’t create appear on your system.
- If you see signs that your computer may be infected, stop, get help immediately. The longer a system runs infected, the worse the problem can become.
- Make sure you have backed up your data on the network, on a memory stick, or somewhere safe. The backup should be encrypted.
- Password your phones, but put an “In case found” number on the background screen so when you lose it, the nice people know who to call.
- Use a cable lock for your laptops. A three number combination will slow a thief for 5-10 minutes; a four number combination will slow them for 1-2 hours.