Search Google Appliance

Information Technology

Security Checklist for University-Owned Computers

Faculty and staff can protect their University-owned computers by checking off all items on this list. Some computers are centrally-managed by the department, but in other cases, faculty and staff are responsible for individually adhering to the University's data security policies. If applicable, check with the IT professional in your department before making changes to your computer. Your department may also have other internal security policies you need to adhere to and some checklist items may have already been completed on your behalf. For personal computing devices, see our Security Checklist for Personal Computers.

1. Use anti-virus & anti-malware software.

Download and install McAfee ePO anti-virus software on your University-owned computer (it's free!). Make sure you have the latest version of the software, your virus definitions are set to update automatically, and on-access scanning is enabled. We recommend that you run a full scan of your computer at least once a month. 
Note: Please do not use the personal version of McAfee anti-virus software on University-owned computers.

Use Anti-virus Software for Windows or Macintosh | Install Malwarebytes & Scan Your Computer for Malware
Beware of fake anti-virus software and other rogue programs. Always download software from reputable sources. 


2. Update your computer's operating system.

Enable automatic updates and receive critical patches as soon as they are released. To keep your computer's operating system up-to-date, go to:

  • Windows: update.microsoft.com
  • Macintosh: System Preferences > Software Update...

3. Update your computer's software.

Always update third-party software and plugins, especially your Web browser, Java, and Adobe products. Download software security patches and updates when prompted to do so.

Secunia CSI for departmentally-managed Windows computers | Secunia PSI for unmanaged Windows computers | Macintosh Software Update


4. Create a Restricted User Account & an Administrator Account for your computer.

Create a Restricted User Account for everyday use and keep the Administrator access for special tasks (e.g., software installation). Learn how to set up a User Account.


5. Use eduroam for wireless on campus.

Used a wired connection for Internet access whenever possible. When you must use wireless, choose eduroam. It is fast, convenient, and more secure. Use our setup wizard to configure your computer, then connect automatically from any wireless coverage area on campus.
Wireless Network Access


6. Use the Virtual Private Network to access the campus network remotely

The Virtual Private Network (VPN) provides a secure, encrypted connection between your off-campus computer and the campus network. The VPN should be used if you are remotely connecting to your workstation from off-campus. 


7. Clear your browsing data.

Web browsers often store information from Web sites you visit (e.g., cookies). Clear this information often or set up your browser to do it automatically, especially if you use SPIRE or other University applications containing sensitive data. Check the browser’s help guide for instructions. We do not recommend saving passwords in a Web browser. 


8. Choose strong, unique passwords.

Your UMass IT Account password should be different from your other passwords. Build your passwords using UMass IT’s Rules for Passwords and remember to change them at least twice a year (with daylight savings).


9. Use a password-protected screen saver.

‘Locking’ the screen or using a password-protected screen saver allows you to lock your computer without shutting it down when stepping away from your desk. Press the Windows key + L to lock your Windows computer. To protect your cell phone data, enable a passcode and set it to auto-lock. 


10. Know what constitutes sensitive data.

Familiarize yourself with the data classification model in use at UMass Amherst. Learn more about sensitive data in practice and think about the types of University data you work with on a regular basis. Discuss your responsibilities when working with sensitive data with your supervisor.
Understand Sensitive Data at UMass Amherst | Storing & Handling Guidelines


11. Use Identity Finder to keep track of sensitive data.

Download and install Identity Finder software, then scan your University-owned computer at least twice a semester. Identity Finder helps you locate sensitive data (e.g., grades) on your computing devices. Back up important files to a secure location and delete the files you no longer need.
Identity Finder at UMass Amherst


12. Do not store sensitive data on USB drives.

Any portable storage device can be easily lost or stolen. For sensitive data, use a more secure storage space, such as a departmental server or UDrive, UMass IT's secure file storage system. Be sure to talk to your supervisor about recommended storage. 
UDrive: Online File Storage


13. Do not leave your devices unattended.

Purchase a security cable for your University-owned laptop. Register your laptop and mobile devices with the UMass Amherst Police to help identify them in case they are lost or stolen.
UMass Amherst Police Department


14. Keep track of all your devices.

Record the make, model, and 12-character identifier (a.k.a. MAC Address) of your University-owned computing devices. This may help locate them faster if they are lost or stolen. To find a device’s MAC Address, check the below instructions, the product manual, or packaging.
Find Your MAC Address


15. Report any lost or stolen University-owned devices.

If your University-owned computing device or any device containing University data is lost or stolen, fill out the Report a Lost or Stolen University-Owned Computing Device form.