Remember not to leave sensitive information on paper, in the printer or in the scanner at your workplace

  • January 16th, 2024

What can I do in my job at UV regarding the security of the information I use?

We must bear in mind that the main consequences of a leak or loss of information due to negligence are always for the University of Valencia and therefore, we must take into account the following points:

1. We must maintain confidentiality in relation to any information to which we have access during our work in the UV, indefinitely.

This applies to confidential information such as personal data, and must be accompanied by a confidentiality agreement. You should not publish corporate information about people or projects on social networks.

2. We must notify any security incident related to the job, either in the UV itself or abroad.

Specifically, staff should report:

  • virus / malware alerts generated by the antivirus
  • suspicious calls received asking for sensitive information
  • emails containing viruses
  • loss of mobile devices (laptops, smartphones or tablets) and external storage devices (USB, CD/DVD, etc.)
  • any suspicious activity that you can detect in your workplace
  • accidental deletion of files
  • accidental alteration of data or records in applications with information review
  • anomalous behaviors of information systems
  • finding information at locations not designated for it
  • evidence or suspicion of physical access by unauthorized personnel to areas of restricted access (CPD, offices, warehouses, ...)
  • evidence or suspicion of unauthorized access to computer systems or confidential information by third parties

3. We must be aware of how harmful it is to publish or share passwords.

Passwords are confidential and must remain secret, since only in this way can the confidentiality and traceability of actions be guaranteed. Therefore, they should not be shared or written down in documents or on any other medium.

The need to access a colleague's computer to continue their work when they are absent can be solved with alternative measures:

  • use of shared departmental information repositories
  • prohibiting the storage of information on personal computers

4. We should lock the session when we leave our workstation.

Leaving a computer unprotected during lunch, or even at night, is equivalent to not using an access password. Users must be taught how to lock their equipment easily. Likewise, we must leave our equipment turned off at the end of the workday.

In addition, we must establish the appropriate technical security policies so that the workstation locks automatically after a reasonable time without activity on the computer. Measures can also be set to turn off the equipment automatically when the workday ends.

5. We must be aware that the use of online storage services must be done within our network.

This type of service, usually called "cloud", is very useful for storing copies of UV information, facilitating teamwork and allowing work from outside the office. To use this type of service safely, we must take a series of precautions, such as:

  • register exclusive corporate user profiles for managing corporate information
  • prohibit use of the corporate user profile for private purposes
  • use an encryption mechanism before uploading UV information, provided it is not public information
  • ensure that the use of this type of service is authorized by the IT staff
  • use only cloud environments that are authorized by the UV
  • use these services as temporary rather than permanent repositories

6. We must make proper use of removable storage media.

The use of pen drives and external hard drives is a common practice that carries a high risk of loss and theft of information. There are several mechanisms to reduce the need for this type of media and thus guarantee the security of information. We can implement alternatives to this type of device, such as:

  • the use of common repositories for the exchange of information
  • implement remote access for work from outside the office (VPN)
  • make use of online storage services

However, if their use is necessary, we will need to apply certain precautions, such as:

  • use encryption mechanisms that impede access to information in case of loss
  • use devices with a biometric access mechanism (fingerprint) or password protection
  • disable USB ports by default and enable them for personnel who need such functionality periodically or manage large files

7. We must avoid as much as possible the alteration of the configuration of the equipment and the installation of unauthorized applications.

We must not modify corporate devices to install new applications or change the system configuration. Although this measure is simple to apply on desktop computers, it can be more difficult to apply on smartphones, tablets and even laptops.

If it is necessary to install an application or modify the original configuration of the equipment, this must be requested from the IT staff.

8. It is obligatory to put away work documentation when absent from the workstation and at the end of the working day (clean desk policy).

All documentation that has been managed during the day should be properly stored during extended absences.

This is especially important if we work in environments shared with third parties, or in public service. In this way we avoid prying eyes that may lead to a leak of information, as well as the theft of documents that may contain confidential information.

A clean desk policy requires that:

  • the workplace is clean and tidy
  • the documentation that we are not using at a certain time must be stored correctly, especially when we leave our workplace and at the end of the day
  • there are no usernames or passwords written on Post-it notes or similar

In addition, even though it is not strictly a clean desk measure, if we leave the workplace we must lock our equipment to prevent unauthorized access.

9. It is also obligatory to destroy documentation through secure mechanisms.

All obsolete or unnecessary documentation should be destroyed. If we have contracted a secure destruction service, on demand or through recycling bins, we must notify our colleagues of its existence and of the obligation to use it.

On the other hand, we must know the risks associated with using ordinary waste bins for sensitive documents, such as those containing personal data, economic information, etc.

10. Be careful not to abandon documentation in printers or scanners.

It is common for a user to send a document to the printer and pick it up later, or to print it on another department's printer for technical reasons, higher quality or special features (color printing, A3 size, etc.).

During this time the documentation remains available to other users, who can pick it up accidentally or intentionally.

11. We must comply with internal regulations regarding information security and use of computer resources at our disposal.

We must use these resources responsibly and only for work activity.

12. Take care with mobiles, tablets, mixed corporate/personal use, etc. (BYOD).

Currently, it is common for staff to use and connect their personal devices (laptops, smartphones, tablets) to the UV network from home, the office itself or elsewhere, allowing the "mixed" use of these devices with those for corporate use.

The corporate use of these devices can pose significant security risks that must be taken into account. The main security measure is to get involved and to be aware of the correct use of these devices.

We must know that personal devices used to access corporate resources may require specific security configurations and must adapt to the security measures dictated by the organization.