On This Page:
Under the FERPA law, most student information is confidential and should be handled with care. By securing your computer and work environment, you can now avoid accidents where student's personal, financial, or academic information falls in the wrong hands. Our information security tips provide a few practical suggestions for creating a 'data-safe' work environment.
Update your computer
Any computer connected to the Internet runs the risk of a virtual attack. Security breaches often occur on systems that are not up-to-date, do not have User Accounts, and do not use the most recent anti-virus software.
Use UMass Amherst IT’s Security Tips to learn more about what you can do to protect your computer. Note: These pages are intended for computers that are not connected to a network. If your computer is part of a network, you should discuss security issues with your system administrator. Security Tips to Protect Against Viruses & Security Threats
Password-protect your computer & your files
1. Create strong passwords
Weak passwords make your computer vulnerable to various types of attacks. Password-guessing software has become more sophisticated, and many break passwords by ‘dictionary attacks’, trying every possible combination of characters. It is critical that you:
- Create passwords that meet the industry guidelines for strong passwords. Password Guidelines
- Never write down your password. Often people store their passwords on a post-it note next to their monitor. This is the easiest way to gain access to a computer. Store your passwords (or hints to the actual passwords) in a secure location, such as a locked drawer.
- Change your passwords periodically. Remember to change important passwords every 90 days or at least every semester. This will make your passwords less vulnerable to ‘dictionary attacks’.
- Always say 'No' if prompted to save a password. Some browsers offer to save your passwords. Get in the habit of always saying ‘No’.
2. Learn how to lock down access to your computer and files
Find more detailed information about securing either Microsoft Office files and either Windows or Mac computers: Password-Protect your Computer & Files. In summary, you can use these strategies to enhance security:
Sharing student data...
Use campus email or your departmental email address
Not all email services provide the same level of protection for your messages. When sharing student information with others:
Storing student data...
The rule of thumb: avoid storing student information on your local machine, unless absolutely necessary. If you do have to store student data, ask yourself: How sensitive is this information? Do I really need to save it? Here's what we recommend:
1. Do not save student data on shared drives
If your department has a shared drive, check with your system administrator about how you could restrict access to certain files or folders. As a rule, use caution when saving student information on shared drives. Consider using your Box account instead (see below).
2. Do not use portable storage media
CDs, USB flash drives, or floppy disks are convenient, but certainly not secure. Because they can be easily lost or corrupted, we recommend that you avoid using them for work with student information. Consider using Box as a secure storage alternative. See more information about your UMass Box account here: About Box.
Protect your hardware
1. Store computer equipment in a secure physical location
Make sure that all your computing equipment (e.g., your laptop, desktop and any portable storage media) is stored in a secure location. This involves locking the appropriate office and storage unit doors, and placing hardware in locations where it cannot be easily removed.
2. Use a laptop security cable
A security cable will discourage anyone from walking away with your laptop. Consider getting one, especially if you do most of your work from your laptop. Laptop security cables are available at most computer retailers.
Cover your virtual/paper trail
1. Exit all files & close all application windows
Once you’re done working with student information, close all windows, sign off all applications, and exit all files. Make sure to log out of SPIRE, too. This will ensure that confidential information is not readily available to by-standers, especially if your computer is located in a public area.
2. Shut down your computer
Turning off your computer is a simple, but effective data-protection strategy. If your computer is turned off, your files remain off-limits even if your machine is stolen or there is a network breach. Always remember to shut down your computer when you leave for the day.
3. Shred printed information
Does your department have a shredder? Make sure you shred, not recycle the confidential documents you no longer need.
Off-campus dos & don'ts
Avoid using public or shared computers
While you have spent a considerable amount of time securing your machine, this may not be the case with other public or shared computers, especially off-campus. We recommend that you limit your work in Internet cafés, public libraries, or on any computer that is not yours.
- Lock the screen. This is a simple strategy that allows you to temporarily ‘lock’ your computer when you step away from your desk without having to shut it down.
- Use a password-protected screen saver. As an alternative to 'locking' your computer, you can set up your screen saver to prompt you for your User Account password once you resume your work.
- Use passwords to 'lock' your documents. Most Microsoft Office applications (e.g., Word, Excel) give you the option of creating passwords for individual documents. Use these passwords to restrict access to files that contain sensitive student information.