University of Florida employees are required to keep restricted information safe from unauthorized access.
Restricted data is defined as, but not limited to:
Please read the UF IT Data Security Standard for more information on Restricted, Unrestricted and Sensitive classification.
Legislation establishes personal and institutional liability and fines for breach of private data.
Employees working with health related information must also be aware of HIPAA issues. For more information, see the UF Privacy Office.
The UF IT Security Team strongly advises against the transfer and storage of restricted data on personally managed machines.
Below are things you should do to help protect the data you work with.
A lot of restricted information is stored on computers. By doing these three things you significantly decrease your chance of giving an intruder access to your data.
Most users can use a Virtual Private Network connection to encrypt communication from an untrusted network, such as from home or on a wireless network. For more information on VPN and to download the UF VPN software, visit this link.
If you must store restricted data on a computer, please take the necessary steps to encypt it properly. The Health Science Center has a comprehensive guide to encyption, you can download the PDF here.
Everytime you step away from your computer, even if just for a minute, you should lock your workstation. If you're not sure how to do this please refer to your operating system's manual or consult your Information Security Manager.
Set up monitors so that shoulder-surfing is difficult. If restricted information is viewable from over your shoulder, then it's not secure.
All equipment with restricted data should be locked safely away when not in use or unattended, whether behind doors or under locked cases. Please advise your department's Information Security Manager of all unlocked equipment.
Restricted information in paper form should be shredded and electronic data should be rendered unreadable. Please visit the Assets Management Services page to learn the best ways to detroy data.
Before allowing anyone to install new hardware and software on university systems, please obtain approval and guidence from you department's Information Security Manager. This also applies to personally managed computers that contain university restricted data on it.
Immediately pickup sensitive material from faxes, printers and copiers. The longer this information is unattended the better chance for someone else to access it.
If you have a badge-protected room beware of persons following behind, or 'tailgating' on your entry. Make sure you know who they are, otherwise turn them away. When meeting with outside guests such as vendors, students, visiting professors, etc.. make sure you are with them at all times.