Store protected information on restricted-access network drives or in central databases

Use a difficult-to-break password with at least eight characters

Use upper and lower case letters, numbers, and special characters in your password

Change your password every six months or sooner

Report suspicious emails or other computer activities to IT Services (x5457)

Keep anti-virus definitions and operating system patches up-to-date

Lock your computer screen when away from your desk

Minimize printing of protected information

Shred printed documents containing protected information when no longer needed

Send protected information via an encrypted ZIP file, and call the recipient to give the password

Store protected information on flash drives, laptops, PDAs, or other portable devices

Store protected information on local hard drives

Share your password

Write down your password

Visit questionable websites or engage in peer-to-peer file sharing

Answer emails from supposedly trusted authorities asking for passwords

Export protected information to spreadsheets or local databases unless absolutely necessary

Send protected information unencrypted via email or file transfer (FTP)

Passwords on Post-It notes

Poorly chosen passwords

Unlocked, unattended computers

Lost laptops, thumb drives, etc.

Opening strange emails, attachments, or programs

Unpatched desktop computers

Sharing sensitive information

Ignorance of internal threats (e.g. emailed spreadsheet)

Unreported violations

Inappropriate computer use (web browsing, file sharing)