Mobile devices like smartphones and tablets present unique security challenges because of their portability and simplicity.

Typically, malware is downloaded unknowingly when an unsuspecting user opens an infected file or visits an infected website. Once it's on your computer, it launches a specific kind of attack based on its design. For example, keyloggers record each keystroke and report it to hackers, who look for usernames, passwords, and other sensitive credentials. Trojans masquerade as useful or benign software—often as fake anti-virus software or games—to trick users into opening them and granting them access to system files or the ability to download more malware.

You can protect your computer against malware by installing anti-virus software and running routine scans.

Data management is the responsible stewardship of data throughout its lifecycle.

There are five components to data management:

Acquisition—What data is acquired, how, and why?

Utilization—How is the data used? Does the use support an institutional need or University activity?

Maintenance—For how long is data retained? What are the data management rules?

Access—Who is authorized to access, under what requirements, and under whose approval?

Protection—How are the confidentiality, integrity, and availability of data maintained?

The best way to manage data safely is to recognize that it's an integral part of your job responsibilities and to incorporate it into your workplace routine. Turn safe computing and information behavior into new habits, and be mindful of how your actions affect the security of your data and devices.

Knowing what kinds of data you use, as well as how and where you use them, is the first step. This knowledge will help you maintain a cleaner system and respond more quickly to possible IT security incidents.

Review the Secure UD Essentials and best practices for information security and take note of opportunities for you to improve the way you manage the data in your care. Be aware of and understand your responsibility to support unit security efforts. Your unit will have an information security plan that describes the requirements and processes for protecting IT resources.

In many cases, sensitive data is hidden in larger data sets or files. To find sensitive data on your computer, download the Identity Finder, and use it to scan your computer. Identity Finder is University-licensed and free for faculty and staff to download and use. Upon completing a scan, it will generate a report that will assist you in finding and protecting any unencrypted sensitive information, including Social Security numbers, on your computer or drives.

Encryption is a means of protecting files and devices. When you encrypt a file, you "lock" it with an encryption key or password. The file itself is scrambled and becomes unreadable without the appropriate key or password.

Faculty and staff are required to encrypt portable devices (laptops, tablets, smartphones, and removable storage media) and sensitive University information.

IT recommends that all members of the University community also encrypt their personal devices and sensitive files to protect them from misuse. Don't leave your data defenseless against thieves and hackers!

You shouldn't use email to send or receive sensitive data. If an email account is hacked or if the email is forwarded, that sensitive information could easily be exposed to someone other than the original, intended recipient. Instead, use a secure file transfer service like UD Dropbox or a secure Web form.

 If, for some reason, alternatives are not available and you must use email to transmit sensitive information, that information must be encrypted. Encrypt the file first, then send the encrypted file as an attachment. Contact the recipient separately to provide the encryption password. Never send sensitive information in cleartext.