Security Guide

Essential practices

  • Use current versions of your software and apps. Update them regularly.
  • Back up data. The department of Human Ecology uses Google Drive, Box.com, Microsoft OneDrive, Crashplan, Veeam and local backups. If you are unsure as to if your data is being backed up please contact the IT Team as soon as possible.
  • Encrypt your data. Work with your local IT support to ensure that your mobile devices, laptops, and phones are encrypted.
  • Use multi-factor authentication to protect your accounts. UC Davis uses Duo; see https://itcatalog.ucdavis.edu/service/duo-multi-factor-authentication
  • Password management

Store, discard, and handle sensitive information safely

  • Store sensitive data in secure locations, whether digital or physical. Lock up printed material.
  • Safely delete or discard information you no longer need. Shred documents that have sensitive or personal information before discarding them.
  • Public wi-fi networks are less secure than private networks. When handling sensitive information, use a virtual private network (VPN). The UC Davis Library has a VPN: see https://www.library.ucdavis.edu/service/connect-from-off-campus/

Support for research

UC Davis can help you protect your research and meet the security requirements of granting agencies. Examples:

  • The Sponsored Programs Office, https://research.ucdavis.edu/contact-us/sponsored-programs, can help you meet security needs for grants.
  • Information and Educational Technology can help you develop a secure research computing environment with AWS (Amazon Web Services) that meets NIST 800-171 guidelines.

To discuss research security needs, email cybersecurity@ucdavis.edu with “Research Support” in the subject line.

Travel

  • Before traveling, see https://globalaffairs.ucdavis.edu/travel
  • Do not expect privacy, especially when crossing national borders, even when returning to the United States. Some nations, including the USA, severely restrict data that can travel to those nations. 
  • Do not use public wireless networks. 
    • Using a virtual private network (VPN) will improve security, but still might not be secure enough for sensitive information, depending on your location. Ask your home department for guidance, or consider using the UC Davis Library VPN: https://www.library.ucdavis.edu/service/connect-from-off-campus/
    • Look into getting a secure, personal, wi-fi hotspot device—a cellular device used exclusively for data. Talk with your department’s IT support.  
  • Never enter your credentials into a public computer, i.e. at a hotel business center or internet café. Public computers are not safe.
  • Consider printing your multi-factor authentication Duo codes as a backup in case you lose your multi-factor device. See http://kb.ucdavis.edu/?id=3833

Always watch out for:

  • Phishing. Be skeptical when you receive a message that is unexpected, urgent, and/or seeks money or personal data. If you think the message is legitimate, independently verify it with the person who (supposedly) sent it to you.
  • Ransomware. This happens when a hacker locks your information until you pay a ransom. To forestall a potential loss, back up your files in a location that an attacker could not access.
  • Exercise caution when opening attachments encountered via email, chat rooms, and on social networking sites. Such attachments might carry malware.
  • Exercise caution when using file-sharing person-to-person applications. Be sure they are secure.
  • If you suspect your account, computer, or other digital resource has been compromised, please contact IT Express (ithelp@ucdavis.edu) and cybersecurity@ucdavis.eduimmediately. See http://kb.ucdavis.edu/?id=2882

UC Davis resources/services

  • Safe procurement. When you procure services or software from vendors for the first time, find out if it has good security practices. Consult your department’s IT support. You can also request a vendor risk assessment via https://itriskmanager.saiglobal.com/ucdavisgrc/
  • Data sensitivity guide. This work in progress, at https://cloud.ucdavis.edu/data-types-list, defines different types of data, and offers general ideas on where you can (or should not) safely store that data. 
  • General information resources:
    • The UC Davis IT Service Catalog lists tech-related services: itcatalog.ucdavis.edu
    • The Knowledge Base has information and directions on how to use various technologies at UC Davis: kb.ucdavis.edu

As always please feel free to reach out to the Human Ecology IT staff with any and all questions.