Non-Secure Systems

Using Personal Computers (Non-Secure Systems) for University Business

 

Q: What is a Non-Secure System?

A: Per the UIC IT Security Program, a Non-Secure System is defined as a personal computer used to access University data or perform University work.

Q: So, does that mean if I use my personal computer to browse the UIC web page, it’s considered a non-secure system?

A: No, browsing public UIC web pages or viewing any other UIC site or data that is available to the general public does not by itself cause your personal device to considered a non-secure system. Non-secure systems are those personal devices used to access non-public university systems.

Q: It’s my personal computing device…why does the University care about what I do with it?

A: When you use the device to access University systems, if your device is not properly configured and maintained, it can put the University data or system you are working with at risk.

Q: Am I allowed to use my personal computing device to access any data I have access to?

A: No. You are not allowed to use personal devices to manipulate or store High Risk data. High Risk data includes, but is not limited to, things like social security numbers, credit card numbers, Protected Health Information (PHI) and large aggregates of FERPA data.

Q: I have a good business reason for manipulating or storing High Risk data while off campus. How can I do this securely?

A: High Risk data may only be manipulated or stored on University owned devices. Some possible ways to accomplish this while off campus are to use an encrypted portable University owned and maintained device or securely access a remote University system housed on campus. Contact your UISO for more information on acceptable solutions.

Q: What are my responsibilities with respect to my personal computing device (non-secure system)?

A: You are responsible for ensuring the security of your device. This includes, but is not limited to:

  • Installing, enabling and maintaining endpoint protection software (antivirus and/or anti-malware).
  • Ensuring that all accounts on the computing device have passwords that meet the requirements defined at password.uic.edu. NOTE that the password used for your UIC netid should never be re-used at other web sites or on your personal device.
  • Enabling automatic updates for the operating system as well as all third party software such as Adobe Reader, web browsers, Microsoft Office, etc.
  • DO NOT share the account on your computer with others.
  • Portable devices should be configured to auto-lock after a period of inactivity to ensure that the device cannot be used by others if left unattended.
  • DO NOT allow your web browser to remember your UIC password.
  • DO NOT store passwords on the device unless encrypted with a password manager such as LastPass.