Secure Your Working Environment

Northwestern provides the University community with a robust network and access to an array of information assets critical to the business and operations of the University.

Due to the sensitivity and regulations associated with much of this data, it is essential that every member of the Northwestern community work to protect it and minimize the occurrence of security incidents.

It is your responsibility to read, understand, and comply with University policy, and to use Northwestern’s security resources—tools and support organizations that assist faculty, staff, students, schools, and departments—to help ensure the safe and secure operation of the network and conduct of University business.

You can also help by following the security practices outlined below. Always check with your local technical support staff before implementing changes.

1. Protected Data

Treat all sensitive data as a highly valuable asset and minimize the chance that it is released to unauthorized users:

• Identify sensitive data inputs, location, and sensitivity
• Do not use Social Security numbers as an identifier, use employee or student ID instead
• Encrypt private data sent across the network; see your local technical support staff for instructions
• Save sensitive data files to a network drive, not a personal computer
• Restrict access to sensitive data to those who "need to know"

2. Careful Disposal

When you no longer need sensitive data, it is better to dispose of it than continue to account for it. Ensure data cannot be recreated and follow careful disposal best practices:

• Only store necessary data and delete it when it is no longer needed
• Shred papers containing sensitive data
• Follow the Disposal of Northwestern University Computers Policy
• Sanitize hard drives of disposed computers to remove sensitive data
• Dispose computers through University Services' Computer and Peripherals Recycling Program

3. Safe Connections

Sensitive data is more easily stolen when it is being shared between users, so take note of the connection you use. Unapproved wireless networks, e-mail, and public computers are particularly vulnerable to security breaches.

• Use only Northwestern-approved networks and wireless access points
• Do not e-mail private data, as messages can be intercepted
• Use Virtual Private Network (VPN) when off-campus for a secure connection
• Find out more about University policy regarding Security Risks of Network Extensions

4. Be Prepared

In the event of a disaster or a security incident, do you know what to do? These events occur unexpectedly, so find out in advance how to respond:

• Report any known or suspected security incident to your management, your local technical support staff, and NUIT's Network Operations Center at (847) 467-NNOC (6662). You can also e-mail security@northwestern.edu
• Learn about your school or department's business continuity plans from your dean or department chair
• Make regular system backups and test your system restore function; check with your technical support staff for details