Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security
Security Tools - Sensitive Information
This article provides information about the safest practices for handling sensitive information.
Stolen information can result in identity theft and compromise. Unprotected information can be stolen from anywhere at any time. It can be taken when you least expect it. Sensitive information is not limited to just social security numbers or credit card numbers. It also includes student information and grades, human resource data, and private research data, as well as other types of information.
Sensitive information can become public with a click of the mouse. Take a good look at the way you store and share sensitive information. It is spread everyday through minor human errors that can be easily prevented.
- Unnecessary records: Always know what personal information is required to complete any transaction. Never ask for or supply more than is necessary.
- Taking the easy way out: Never bypass security protocols for an easier way or an old habit. Future consequences can far outweigh the few seconds you may save.
- Improper handling: Everyone capable of accessing sensitive information should be made aware of its importance and be trained in handling it.
- Forgetfulness: Be aware of the location of any sensitive information at all times. See Identity Finder below for help with finding sensitive information on your computer.
Make sure you follow these security tips: to protect your data:
- Protect your data.
- Avoid using an insecure wireless internet connection when accessing sensitive information over the web.
- Use the UChicago Virtual Private Network (cVPN) when traveling and you need to access sensitive data on an unfamiliar internet connection.
- Log out of web applications when you are using a public or shared machine to access sensitive information. Remember to explicitly log out and exit the browser.
- Do not save passwords or data in web forms.
- Use encrypted thumb/flash drives for external mobile data storage.
- Protect your passwords.
- Do not use your CNet password outside of the University.
- Use strong passwords, such as a password phrase and include at least three (3) character sets (e.g., xxXX123@#$).
- Do not share your password with anyone, including family members.
- Do not provide your password, credit card or social security number in emails, especially emails that threaten to take away computer services or such from you if you do not provide this information.
- Use a password database, such as Password Safe, which is a free open-source product and can be used on multiple operating systems. Note: This application is not supported by IT Services.
- Protect your computer.
- Rename your administrator account and set an administrator password that is strong. Be sure to use at least three (3) character sets (e.g., xxXX123@#$).
- Turn off the guest account when not needed.
- Turn on your computer's firewall.
- Run an anti-virus application, such as Symantec, which is offered free to faculty, students and staff.
For more information about safe computing practices, visit our Safe Computing website.
Tools for Keeping Information Safe
We offer two free services to help you keep sensitive information safe. For information about storing and sharing Microsoft Office files safely, see Security Tools - Keep High Risk Files Safe.
When you need to share a file containing sensitive information, do not send the file via email; instead, place it on one of the University's file shares such as Tank, UChicago Google Drive or UChicago Box.
Note: Some departments have established alternative file sharing systems for their staff; check with your department to find out whether such a system is in place for your department.
Use Identity Finder (IDF) to search your computer for sensitive information that has been saved there, such as credit card numbers, social security numbers or passwords. This program will help you know if your information is vulnerable to theft. Business units are trained and supported by the Identity Finder project team. Faculty, students, and staff who require technical support should contact IT Services Support.