Secure and Manage Your Computer (Windows)
If you are permitted to access or maintain sensitive institutional data using your personally owned computer or self-managed university-owned computer, please meet the minimum expectations below. See University Data and Personally Owned Devices for a complete list of your responsibilities when accessing sensitive U-M data.
By meeting the minimum expectations below, you also protect your personal data.
Minimum Expectations for a Secure Computer
Instructions and More
Instructions for security settings and tips for protecting your Windows computer are available from Microsoft:
- Require a password for access to your computer. Follow these guidelines for a strong password. See Windows: Change your Windows password for instructions (Windows 7). For other versions of Windows, check the Windows Support website.
- Set your screensaver to activate after 15 or fewer minutes of inactivity, and require your password to unlock it. See Windows: Use your Windows password for your screen saver password for instructions (Windows 7). For other versions of Windows, check the Windows Support website.
- Install and use anti-virus software.* See Anti-Virus Protection at U-M for guidance. You may also use your own commercial product.*
- Run the Microsoft Fix it tool for security settings to do the following and more (or check Microsoft Support for specific instructions for these settings for your version of Windows):
- It is normally turned on by default.
- Check your anti-virus protection status
- Turn on Automatic Update to keep your version of Windows updated.
- Check whether you have the latest version of Internet Explorer installed.
- Use BitLocker Drive Encryption (for laptops) to encrypt your computer's hard drive. BitLocker is included in Windows. Check Microsoft Support for instructions for your version of Windows. (It is not necessary to encrypt desktop computers in secure locations, such as your home.)
- Install the U-M VPN if you expect to use untrusted networks (such as guest wireless in a hotel or coffee shop). UMHS faculty and staff should use
* If you purchased a different anti-virus and/or security program with its own firewall that you use instead of the Windows firewall, that's okay. Just make sure that the firewall and anti-virus protection are turned on and that the software is regularly updated. We recommend that you use only one security program.
** U-M Health System (UMHS) faculty and staff should use the Cisco AnyConnect VPN client provided by Medical Center Information Technology (MCIT) to access Protected Health Information (PHI), Clinical Network and Applications, Schedulon, and Printing, as well as to access file servers and internal UMHS web content. For more information, installers, and instructions, see VPN - Cisco AnyConnect SSL Client in the UMHS KnowledgeBase.
- Use secure networks, such as wired connections or MWireless.
- Turn on the U-M VPN if using untrusted wireless networks (such as guest wireless in a hotel or coffee shop). UMHS faculty and staff should use
- Turn off optional network connections (WiFi, Bluetooth) when you are not using them.
- Turn on automatic updating to keep your Windows operating system updated. This provides you with security updates and other improvements. See Windows: Turn automatic updating on or off for instructions (Windows 7). For other versions of Windows, check the Windows Support website.
- Keep your applications updated to take advantage of security updates and other improvements. Use automatic updating where available.
- Only install trusted applications.
- Be aware that certain types of sensitive data (such as Export Control, HIPAA, and FISMA) cannot be accessed or maintained outside the U.S. See the Sensitive Data Guide for details.
- Before you sell or give away your computer, erase the hard drive securely. See Remove Data from a Hard Drive.
- Report security incidents. If you use your computer to maintain or access sensitive institutional data and it is lost or stolen, notify the ITS Service Center.
Additional Best Practices
Consider these additional options for enhanced security for your computer and the data maintained on or accessed from it.
- Back up your data. Always keep a backup copy of files you do not wish to lose. Hard drives wear out and fail. Devices can be lost or stolen. The university offers several file storage options you can use. Check the Sensitive Data Guide to see which services are appropriate for certain types of sensitive institutional data.
- Choose web browser security settings that protect your privacy and enhance security.
- Protect yourself online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
- Put a sticker on your computer with your name and contact information. This low-tech, practical step enables somebody to contact you if they find your lost computer.
- Follow the Mobile Computing Guidelines When Traveling or Conducting Field Research to protect your computer when traveling.
Related U-M Policies and Standards