ACG User Security Tips

Computer security is getting increasing attention from both campus administration and criminals, so we all need to understand and fulfill our obligations. Here's what you need to know:

UCB Campus Security Page

Passwords

Passwords should be more than 12 characters and include a mixture of upper and lower case letters, numbers, and punctuation. Sample good password: Egb0y/grl/df! (every good boy (or girl) deserves fudge).

If you use a mobile device (phone or tablet) to access your campus e-mail and applications, make sure that device has a screen lock. Don't use anything easy to guess like a phone number or birth date.

Password cracking abilities are increasing rapidly and security breaches at online services are all too common. These two factors mean we need even better password management:

  • Don't use the same password on multiple services. This includes a single password with variations: B3tty-Boop1, B3tty-Boop2, !B3tty-Boop3
  • Consider using a password manager; reviews here. ACG staff can help you set this up. The advantage is that you can use a separate, long and random password for each site (like z;@AsV!%jE4t75Si3/) and you don't have to remember it.
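The composition rule and the "no variations across services" rule above can both be checked mechanically. The following is an added example, not part of the original ACG page; the function names, the substitution table and the sample vault are assumptions made for illustration, and the passwords in it are the page's own samples.

```python
import string
from collections import defaultdict

# Common character substitutions undone before comparing (assumed set, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def policy_problems(password):
    """Return the ways a password misses the composition rule stated above."""
    problems = []
    if len(password) <= 12:
        problems.append("not more than 12 characters")
    checks = {
        "upper case letter": str.isupper,
        "lower case letter": str.islower,
        "number": str.isdigit,
        "punctuation": lambda c: c in string.punctuation,
    }
    for name, test in checks.items():
        if not any(test(c) for c in password):
            problems.append("no " + name)
    return problems

def base_form(password):
    """Reduce a password to the part a person actually memorized."""
    core = password.strip(string.digits + string.punctuation)  # drop counters and padding
    core = core.lower().translate(LEET)                        # undo 3 -> e, 0 -> o, ...
    return "".join(c for c in core if c.isalnum())             # drop separators

def reused_variations(vault):
    """Map each shared base form to the services whose passwords reduce to it."""
    groups = defaultdict(list)
    for service, password in vault.items():
        groups[base_form(password)].append(service)
    return {base: sorted(svcs) for base, svcs in groups.items() if len(svcs) > 1}

# Constructed sample: hypothetical service names paired with the page's sample passwords.
SAMPLE_VAULT = {
    "mail": "B3tty-Boop1",
    "bank": "B3tty-Boop2",
    "shop": "!B3tty-Boop3",
    "wiki": "Egb0y/grl/df!",
}

if __name__ == "__main__":
    for service, pw in SAMPLE_VAULT.items():
        print(service, policy_problems(pw) or "meets the composition rule")
    print("variations of one password:", reused_variations(SAMPLE_VAULT))
```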

For more information, see the UCB Security group page on protecting your credentials.

You are responsible for protecting your passwords for all University systems. This includes, but is not limited to, the following:

  • If you ever get a message telling you that you need to e-mail your password or fill out a web form in order to maintain access to a system (EECS, UC, bank, anything), it is almost certainly fake. Forward the message to acg@eecs, and we'll let you know if it is legitimate.
  • Do not write any password down and keep it in a place others can access. If you can't remember a password, then start using a password manager like LastPass. You set one long passphrase for the password manager, and then it remembers all of your other passwords.
  • Do not share your password with anyone, in person or via e-mail. Systems staff can do everything they need without having your password, and colleagues, work-study students, etc. should all have their own passwords. If you need help sharing files or e-mail, ask ACG.

Information Privacy

The California law known as SB 1386 set up special regulations for personal financial information: social security number, driver's license number, and bank account or credit information. The best way to comply with this law is not to store this information on any computer. If you need this information from someone, ask them to tell you over the telephone and then shred any no-longer-needed paper notes when you are done with them. If you receive this information in e-mail, delete the e-mail as soon as you no longer need it. (You should also secure your paper files: lock file cabinets whenever not currently in use, and remove and shred documents that you no longer need to keep.)

If you have computer files with SB-1386-protected information that you must keep, please contact ACG so we can work out the safest way to do so.

Under Federal law (FERPA), student information is also protected. Whenever possible, do not send student ID numbers and names together in e-mail. If you must send both to someone, they should be encrypted. Our recommended method is to upload a file to Box and share it. The campus has a contract with Box for cloud storage, and the service has been approved for FERPA-protected data. Another option is to use an Excel spreadsheet with password protection. Feel free to ask ACG for help with either of these techniques.

If you work from a laptop or home computer, you *must* not have any files containing protected data on this computer. Work-related files should remain in your home directory (H:) or shared project space and be accessed from there.

Laptops, in particular, are very vulnerable to theft. Do not store *any* confidential or irreplaceable data on a laptop. We have anti-theft cables that can be used with departmental laptops; this is far from a complete solution, but does help. Contact ACG if you would like one.

Policies

You are responsible for knowing and understanding the University policies that apply to computing and electronic data. If you have any questions, ask ACG.

General Online Security Tips

Here are some general tips and advice for online security from the Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA). These may be helpful as you're dealing with your personal devices (computers, tablets, smartphones, etc.) and online services.

Questions to janp@eecs.