If you are permitted to access or maintain sensitive university data using your personally owned computer or self-managed university-owned computer, please meet these minimum expectations.
See Your Responsibilities for Protecting Sensitive Data When Using Your Own Devices for a complete list of your responsibilities when using your own devices to work with sensitive U-M data.
See additional general best practices for securing your computer at Secure Your Personal Computer.
By meeting minimum expectations below, you also protect your personal data.
Settings
Require the password when your computer sleeps or the screen saver is activated. Do not allow automatic login. In System Preferences, choose Security & Privacy, then the General tab. Follow these guidelines for a strong password. Remember that you are also setting your Keychain Password when you set your login password.
For more about passwords on Mac OS, see OS X El Capitan: Understand Passwords
In System Preferences, choose Desktop & Screen Saver, then set activation time.
See Anti-virus for Personal Computers for recommendations and links to help protect your personally-owned computer.
In System Preferences, choose Security & Privacy, then the FileVault tab. For details, see Use FileVault to encrypt the startup disk on your Mac (Apple).
For general information about encryption, see Encrypt Your Data.
In System Preferences, choose Security & Privacy, then the Firewall tab.
Untrusted networks include guest wireless in a hotel or coffee shop. Members of the U-M community can download and install the appropriate U-M VPN—Virtual Private Network— for their campus (Ann Arbor, Health System, Dearborn, or Dearborn) for a more secure computing experience on untrusted networks.. See Use a Secure Internet Connection.
Use Time Machine (built into Mac OS X) or a reliable backup utility. Be sure your backups are kept in a secure place. Secure external drives in a locked location, or choose a good cloud service backup provider.
Set your Gatekeeper settings to limit software installs to more secure sources.
Under the Apple menu, choose System Preferences, and Security & Privacy. In the General tab, set the allowed app downloads to be from Mac app store and identified developers.
Connections
Secure networks include wired connections and U-M Wireless networks.
VPNs—Virtual Private Networks—provide a secure computing experience when accessing a U-M network from a remote location or when using an untrusted wireless connection. See Use a Secure Internet Connection.
Turn off optional network connections like WiFi and Bluetooth when you are not using them.
Management
We recommend that people avoid connecting to U-M networks from machines running Mac OS 10.5 (Leopard) and older.
Keep your applications updated to take advantage of security updates and other improvements.
Only install applications from reputable software providers.
- Check the Sensitive Data Guide for services approved for use with sensitive data.
- Do not store files in the cloud with iCloud Drive if you work with sensitive university data. With OS X 10.10 "Yosemite," use of iCloud for syncing Documents & Data is enabled automatically. Turn this off in System Preferences > iCloud; uncheck the Documents & Data checkbox.
- Many Microsoft applications let you share files using OneDrive (Microsoft cloud storage). Do not do this if you work with sensitive university data.
Some of these data types include Export Control, HIPAA, and FISMA. See the Sensitive Data Guide for details.
Properly erase your computer before Selling or Giving Away Your Mac.
If you are moving to a new Mac, remember to backup your machine to make transferring data easier.
If you use your computer to maintain or access sensitive institutional data and it is lost or stolen, notify the ITS Service Center.
Additional Best Practices
Consider these additional options for enhanced security for your computer and the data maintained on or accessed from it.
- Back up your data. Always keep a backup copy of files you do not wish to lose. Hard drives wear out and fail. Devices can be lost or stolen. The university offers several file storage options you can use. Check the Sensitive Data Guide to see which services are appropriate for certain types of sensitive institutional data.
- Choose web browser security settings that protect your privacy and enhance security.
- Be safe online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
- Put a sticker on your computer with your name and contact information. This low-tech, practical step enables somebody to contact you if they find your lost computer.
- Register your devices with DPSS. The U-M Police Department offers a free personal property registration program to members of the U-M community to deter theft and assist in the recovery of stolen property.
- Travel safely with technology. Take precautions when you are away from home to protect your privacy and the university's sensitive data.
Additional Resources
Related U-M Policies and Standards
- Responsible Use of Information Resources (SPG 601.07)
- Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)
- Unit-Specific Requirements for Self-Management of Personally Owned Devices that Access Sensitive Institutional Data (DS-07)
- Tech Tools: Cell Phones and Portable Electronic Resources (SPG 514.04)