Systems up or down

 

UniSA Staff Work Space & Device Security

University information has been classified into four high level categories that are detailed in the UniSA's information security policies and guidelines:

  • Public Data can generally be made available or distributed to the general public;
  • Internal Information is for general internal University use only and not for external distribution (internal information may be accessed by authorised staff and students);
  • Confidential Information is for internal use only with access only by staff who require it in the course of performing their University responsibilities (confidential information includes information that is protected by Federal and/or State legislation); and
  • Restricted Information which is to be kept strictly confidential with access on a strictly “needs to know” basis..

UniSA Staff need to be mindful of 'soft' copies (electronic copies - accessed and/or reading on a screen) of the University's data is secure (whether on/off campus or UniSA owned/personal device) and be aware that security can also be breached when 'hard' copies of data are photographed from your screen/desk or 'collected' by another party from a printer.

A clear desk assist in clear thinking, enables you and your colleagues to find items quickly, and promotes a more professional image to visitors. Maintaining a clutter-free workspace can also help to reduce workplace accidents and falls.

Tips on how to keep your desk and surrounding workspace clear of paper and clutter include:

  • Papers containing Confidential or Restricted information should be kept locked away if you are working on them but are temporarily away from your desk. A locked drawer is suitable for this purpose, or if you have your own office locking the door to your office will suffice.
  • Post-its should not be used to record Confidential or Restricted information, such as passwords or other similar information.
  • If large numbers of files are required a lockable filing cabinet should be procured, and when you are finished with a file it should be filed away and the filing cabinet locked as soon as possible.
  • Don't print out emails or papers only to read them and throw them away.  Only print what you absolutely need a hard copy of.
  • Always clear your desk before you leave for the day.  This will ensure information is not left unsecured, and you will be ready to commence work when you arrive the next morning.
  • All waste paper containing Confidential or Restricted information must be shredded or placed in 'confidential waste' bins. Under no circumstances should this type of waste paper be thrown away in normal waste or recycle bins.

A clear screen works in a similar way to a clear desk and allows you to think more clearly:

  • Close any applications or windows that are not required.  Any that are required on an ongoing basis (e.g. Outlook) can be minimised to reduce clutter on your PC desktop.
  • Every time you leave your desk, even if only for a few minutes, you should lock your screen (on your keyboard press the Windows and L keys at the same time).  A quick chat or coffee break can turn into an extended time away from your desk, and it only takes a moment for information or data to be stolen or corrupted.  University computers are configured to require a password to unlock and this should not be disabled.

ISTS have developed a policy for Windows workstations that can protect you and the University by automatically locking your workstation after 5 minutes of inactivity.

It is recognised that some workstations may be used in a way that is not compatible with this policy. If a workstation needs to be exempted from the policy raise a call with the IT Help Desk, stating your business case, machine blue plate and the location of the computer. Our Security team will then review the request and if the business case is sound an exemption will be enabled for that workstation.

If you walk away from your workstation and do not lock it or log off, it poses a security risk to you and the University as someone could use your workstation in an unauthorised way to:

  • Send email from your account
  • Tamper with or delete your files
  • Access and download confidential data

The easiest way to prevent unauthorised access to your workstation is to lock it when you are away. Locking the workstation will not shut down any program or close any files that you are working on. All you have to do to get back in is enter your password and you can pick up where you left off.

Hold down the Windows key and press the L key.

Theft or misuse of devices leaves the University susceptible to exploitation of any data the devices may hold.

Every time you leave your desk ensure any mobile devices (such as USBs, external hard drives and mobile phones) are locked away or taken with you.

UniSA Staff are STRONGLY ADVISED AGAINST storing any confidential data on portable storage devices.

UniSA's information security policies requires staff to use encryption or equally strong measures on sensitive data stored in mobile or portable computing devices, and confidential data must not be downloaded to mobile computing or storage devices unless approval has been obtained from the relevant data owner.

NOTE: If you access your email or other UniSA data on your mobile and it is lost or stolen (regardless of whether or not its UniSA owned or personal), you must call the IT Help Desk ((08) 8302 5000) IMMEDIATELY to ensure your account remains secure. 

Confidential or Restricted information left lying around in printer trays may be picked up and/or used maliciously by someone who shouldn't have access to that information.

All printers should be cleared of papers as soon as they are printed. This helps ensure sensitive documents are not left in printer trays for the wrong person to pick up.

By default UniSA Staff DO NOT get local administrative access to devices they are the primary user of.

If a staff member believes they require a local administrator account on the PC they are using they can complete Local Admin Access request for consideration.