Secure Office Practices

All individuals are responsible for complying with and following financial data and systems agreements, responsibilities, policies, and procedures. Individuals are responsible for reporting security violations to the University Financial Helpline or their appropriate supervisor or department head. Supervisors and department heads are required to report the security violation to the University Financial Helpline.

An individual's computer use and privileges may be suspended until an investigation is completed. Such suspected violations will be reported to the appropriate supervisors, department heads, FSS Security Officer, and OIT Data Security where applicable. Security violations may result in revocation of access privileges, disciplinary action, including dismissal or legal action.

Resources

Two-factor authentication

OIT Provisioning and Requests

OIT Technology Helpline

System Status (tells community if systems are down, major issues, etc.)

Supervisors and department heads need to make sure their departments have in place an effective departmental security program. This program promotes secure office practices and standards to ensure that authorized individuals do not share User IDs and that the financial data and systems are protected from unauthorized access. To be effective, these standards and practices need to be communicated to and supported by all individuals.

  • Supervisors and department heads need to plan for access needs of new staff or new job assignments and must follow University policies and procedures when requesting access.
  • Work areas should be configured to minimize potential unauthorized use, disclosure, modification or destruction of financial data and systems. Unescorted visitors should not have access to workstations. Off-hour access to work areas should be restricted.
  • When vacating computer workstations, secure terminals from unauthorized use, either by logging completely off the system or otherwise securing the terminal from unauthorized use.
  • Media that stores financial information must be secured, (e.g., hard copy, diskettes, hard drives). Financial information must be deleted, discarded or destroyed properly.

Proper Use

All individuals are responsible for proper use of the financial data and systems and are the first line of defense to protect information assets of the University.

  • Never share any IDs and passwords.
  • Financial data and systems can only be used to perform official University job duties. See Financial Data and System Security in the UWide Policy Library.
  • Use of the financial data and systems for personal gain, personal business or to commit fraud is prohibited.
  • Understand and comply with Acceptable Use of Information Technology Resources Policy 2.8.1.