Traveling Abroad without Making the News (Mobile Tech Edition)

Occasionally, a member of the community approaches the ISO Team to ask for our advice on traveling safely with mobile technology. While individual circumstances (including the nature of the mobile technologies/data in play, the nature of the trip, the particular destination) will dictate specifics, our general recommendations (below) will cover a lot of ground for […]

How Do *You* Spell “Shutdown”?

With so much (*ahem*) “excitement” in Washington this week, it’s little wonder opportunists would seize the moment and go on a domain-registration spree, seeking to capitalize on interest in these topics of nationwide scope. The incident handlers at the Internet Storm Center (sponsored by SANS) posted an entry to their Diary today entitled: “Obamacare related […]

Student Employees, their Laptops, and UVM Information

Where would UVM be without student employees?  University departments hire students  and other temporary employees for a wide variety of important jobs, and some of those jobs involve working with sensitive or confidential information.  As is true for regular faculty and staff, any work with Protected University Information (definitions of which are in the Information Security […]

Is it ever okay to share my password?

One’s UVM password must never be shared with anyone — not even with trusted family members, the boss, or information technology personnel.  Our passwords protect our personal information and assets, and because we’re each responsible for all use of our accounts, keeping the passwords secret protects us from any liability for others’ actions.  Please report […]

Stolen Devices and the Inconvenience of Time Travel

Since the beginning of 2010, UVM Police Services has sought ETS’s help in 104 device-theft cases pertaining to UVM students, faculty, and staff. One recurring theme is that there are two simple steps that users can take to reduce the impact a stolen device has on themselves and the institution, and that these steps can […]

What is encryption, and why should I care?

Encryption protects the people whose information we collect and manage, while protecting UVM from significant liability. Encryption encodes information in a way that only someone knowing a secret key can read it. If you store sensitive or confidential information — what UVM calls “Protected University Information”[1] — anywhere but on password-protected UVM servers, it must […]

Please don’t make me change my password. It’s the one I use everywhere.

Passwords serve to protect our privacy, our financial well-being, our reputations and even our identities.  Often, a password is all that stands between us and catastrophe. Choosing a password: A good password is easy to remember, hard to guess or crack, and for UVM accounts, changed at least once a year (every 120 days for […]

I have some sensitive data. Where should I keep it?

UVM provides secure and reliable network storage for academic work, research, and business files. Saving confidential or sensitive information on desktop or laptop hard drives, or on tablets and phones, greatly increases the risks of loss and inappropriate disclosure. And information classified as critical or nonpublic (what the Information Security Policy calls “Protected University Information”) […]

“To the Cloud!” Or not?

The Clouds are not all created equal. Be sure to research the terms of service, license agreement, usage agreement, copyright content ownership and everything else before signing up for a cloud service. Check to see if the University offers a service that will be of use before looking into an outside service. If you intend […]

Tags: , ,

Using URL Shorteners

We’ve all seen URLs shortened by and its cousins: Unwieldy juggernauts like reduced to tidy morsels like Who doesn’t enjoy that? It’s cleaner! Efficient! More user-friendly! Information security pros, that’s who. Why? Because it’s opaque. How did you know that clicking (if that’s how you got here) was going to bring […]