Keeping your computer secure is vital to help protect your privacy, university data, and all computers and devices on the UW network. Follow the practices below to help keep your computer secure, and be sure to follow the policies of the UW’s Access and Use Agreement for UW Data and Information Systems as applicable.
Keep your operating system and software updated
- All computers should have up-to-date operating systems with current anti-virus and anti-spyware programs.
- Windows 8.1, 8, 7 and XP are are no longer supported for security updates.
- MacOS should be updated to at least Big Sur (11.7) or higher.
- Most new computers are configured to automatically check for updates. Check to ensure this is the default setting on your computer. Accept updates and patches as soon as they are available, whether you have automatic updates turned on or not.
- If you don’t have a supported or managed workstation, apply all software, firmware, driver patches and updates monthly at a minimum. Check with your computer’s manufacturer (e.g., Dell) for information on how to update the firmware.
More information can be found in the Update and Patch Risk Advisory
Protect your computer from viruses and spyware
- Use anti-virus and anti-spyware software
- Caution: If someone else manages or maintains your computer, check with them before installing anti-virus or anti-spyware software. Learn more about your role in Computer Management.
- The UW provides Sophos anti-virus software to all current faculty, staff, and students. Both anti-virus and anti-spyware functions are available if the (optional) feature to “scan for adware and PUAs” (Potentially Unwanted Applications) has been enabled.
- Note: Running multiple anti-virus, anti-spyware, or anti-malware programs from different vendors at the same time can create conflicts, including false positives and performance issues. If you do run a scan using another product, you may need to pause your current anti-virus software, run the scan, and then resume your anti-virus software protection.
Protect your password
- Do not share or reuse your UW NetID password
- Don’t reuse your UW NetID password on any other account.
- It is against policy to share your personal UW NetID and password with someone else. Do not give your UW NetID and password to anyone else, even if they are a close friend or member of your family.
- UW staff, including UW Information Technology consultants, will NEVER ask for your password. Email messages that ask you to send your UW NetID and password (such as to “verify your account”) are fakes and should not be responded to.
- Use a password manager
- Use a password manager, such as LastPass, to help you choose unique, complex passwords for each of your accounts.
- Use strong, complex passwords and 2FA
- Choose a complex password to reduce the likelihood of your password being guessed or cracked. If needed, it is easy to change your UW NetID password.
Use two-factor authentication (2FA) to protect your UW NetID credentials and data while logging in to accounts and applications. You can enroll your devices and opt in to use 2FA on the web.
Encrypt your computer and devices
- Use encryption to secure data
- If you lose physical possession of your computer, encryption tools such as BitLocker on Windows and FileVault on Macs, can protect your data against falling into the wrong hands.
- Whole disk encryption has limits. It cannot protect your data when your computer is powered on and unlocked, nor can it protect your data from surveillance or network attack. Additionally, if encryption is not properly installed and carefully managed, or if you lose your recovery key, you may irrecoverably lose access to your data.
Read more in the Whole Disk Encryption Risk Advisory
Protect Your Information
- Use Authentication and Authorization Services
- The following Authentication and Authorization Services are available from UW-IT for use in UW applications and services:
- Promptly report information security or privacy incidents
- Ensuring the confidentiality and integrity of UW information while at the same time making it available for use requires careful strategic, tactical, and operational planning. The Office of the Chief Information Security Officer (CISO) works with UW units to develop management strategies, manage incidents, and assess risks. Learn more here:
Tools for Secure Connections to UW Networks
- On UW campuses, you can use eduroam, a free encrypted service, to provide additional security on wireless networks. In addition to providing an extra layer of security on campus, this service allows users from the UW to securely access the internet from any Eduroam-enabled institution throughout the world.
The “University of Washington” network is an unencrypted general-purpose Wi-Fi network, using private IP address space, and is only available at UW Campuses, UW Facilities and UW Medical Centers.
- Husky OnNet
- If you are working remotely (from home, a cafe, airport, etc.) and want to connect to University resources and applications, you can use Husky OnNet, a virtual private network (VPN) service. Husky OnNet provides an encrypted connection and greater security when you access the UW network.
Secure File Transfer Tools
Follow Secure Computing Practices
The following are good security practices that will help protect you and your computer.
- UW data storage
- Store important files on a UW or UW-contracted server system such as U-Drive, a unit level home directory or project folder, UW Google Drive, or UW OneDrive for Business where they are likely to be backed up. See the Online Storage page for more information.Make sure you are using the right collaborative tools for the information you are sharing with coworkers. If you’re sharing data that is restricted by HIPAA or FERPA, for instance, ensure the service you choose is appropriate for storing or sharing those types of data. A file service comparison can be found on IT Connect.
- Do backups regularly
- Regularly making backups is one of your best defenses against loss caused by viruses, worms, or software and hardware failure.
- Do your backups on a regular schedule, such as once a week, or once every other week, or once a month.
- Use one method for doing backups, such as using the backup utility that comes with your operating system. Learn about its features, and use it in a consistent manner.
- Keep copies of the backups off-site. Your diligence in doing regular backups is wasted if you keep them next to your computer and you have an office fire.
Important Note: Backups, which are usually done to support recovery in the event of an accident, attack, or disaster, do not meet the requirements for records retention. University staff should have an additional systematic process for copying records to a secure yet readily accessible location and a schedule for eliminating records that are no longer needed.
- Completely quit your browser
- Browsers remember your ID and password until you completely quit the browser. Close all windows of the browser program and quit the program itself to clear its memory. In a computer lab or when using a kiosk, go through the complete logout and exit process before leaving the computer. DO NOT just walk away from your session.
- Secure laptops and mobile devices
- There are further considerations for securing laptops and mobile devices. Review the following resources on the Office of the CISO website:
- Dispose of all computers and devices securely
- Computers and devices may contain UW data and information, cached login credentials, or other confidential data that can be compromised if the physical device is not disposed of securely. If data and information are not deleted in the proper way prior to disposing of, relinquishing custody, or sending the device to UW Surplus, then there is potential for a data breach.
Read more in the Secure Disposal Risk Advisory.
- Separate UW-owned and personal devices
- Keep your devices separate. Use work devices for work and personal devices for personal data. An important point of awareness on this topic can be found in APS 55.1 Mobile Device Use and Allowance, which states the following:
“Employees are expected to configure mobile devices that are used to conduct UW business, whether personally owned or provided by the UW, in such a way that protects UW information.”
It also says that if an employee uses a personal mobile device for UW business and the UW determines the confidentiality, integrity, and availability of UW information is at risk at the result of that use, the employee may be required to provide UW unrestricted access to the device.
Consult Administrative Policy Statement 55.1 for more information about employee responsibilities.