If you are permitted to access or maintain sensitive university data using your personally owned computer or self-managed university-owned computer, please meet these minimum expectations.
See Your Responsibilities for Protecting Sensitive Data When Using Your Own Devices for a complete list of your responsibilities when using your own devices to work with sensitive U-M data.
See additional general best practices for securing your computer at Secure Your Personal Computer.
By meeting minimum expectations below, you also protect your personal data.
Settings
Require a password for access to your computer.
Require the password when your computer sleeps or the screen saver is activated. Do not allow automatic login. In System Preferences, choose Security & Privacy, then the General tab. Follow these guidelines for a strong password. Remember that you are also setting your Keychain Password when you set your login password.
For more about passwords on Mac OS, see OS X El Capitan: Understand Passwords
Set your screen saver to activate after 15 or fewer minutes of inactivity, and require your password to unlock it.
In System Preferences, choose Desktop & Screen Saver, then set activation time.
Install and use anti-virus software.
See Anti-virus for Personal Computers for recommendations and links to help protect your personally-owned computer.
Turn on FileVault (for laptops) to encrypt the contents of your hard drive.
In System Preferences, choose Security & Privacy, then the FileVault tab. For details, see Use FileVault to encrypt the startup disk on your Mac (Apple).
For general information about encryption, see Encrypt Your Data.
Turn on the built-in firewall.
In System Preferences, choose Security & Privacy, then the Firewall tab.
Install U-M VPN software if you expect to use untrusted networks.
Untrusted networks include guest wireless in a hotel or coffee shop. Members of the U-M community can download and install the appropriate U-M VPN—Virtual Private Network— for their campus (Ann Arbor, Health System, Dearborn, or Dearborn) for a more secure computing experience on untrusted networks.. See Use a Secure Internet Connection.
Backup Your Mac Regularly
Use Time Machine (built into Mac OS X) or a reliable backup utility. Be sure your backups are kept in a secure place. Secure external drives in a locked location, or choose a good cloud service backup provider.
Set Gatekeeper to protect from malicious software installs.
Set your Gatekeeper settings to limit software installs to more secure sources.
Under the Apple menu, choose System Preferences, and Security & Privacy. In the General tab, set the allowed app downloads to be from Mac app store and identified developers.
Connections
Use a secure internet connection.
Secure networks include wired connections and U-M Wireless networks.
Turn on the U-M VPN if using untrusted wireless networks (such as guest wireless in a hotel or coffee shop).
VPNs—Virtual Private Networks—provide a secure computing experience when accessing a U-M network from a remote location or when using an untrusted wireless connection. See Use a Secure Internet Connection.
WiFi and Bluetooth
Turn off optional network connections like WiFi and Bluetooth when you are not using them.
Management
Keep your Mac OS updated to take advantage of security updates and other improvements.
We recommend that people avoid connecting to U-M networks from machines running Mac OS 10.5 (Leopard) and older.
Update your applications.
Keep your applications updated to take advantage of security updates and other improvements.
Use reputable software providers.
Only install applications from reputable software providers.
Be aware of where data is being stored and store sensitive university data only in approved locations.
- Check the Sensitive Data Guide for services approved for use with sensitive data.
- Do not store files in the cloud with iCloud Drive if you work with sensitive university data. With OS X 10.10 "Yosemite," use of iCloud for syncing Documents & Data is enabled automatically. Turn this off in System Preferences > iCloud; uncheck the Documents & Data checkbox.
- Many Microsoft applications let you share files using OneDrive (Microsoft cloud storage). Do not do this if you work with sensitive university data.
Be aware that certain types of sensitive data cannot be accessed or maintained outside the U.S.
Some of these data types include Export Control, HIPAA, and FISMA. See the Sensitive Data Guide for details.
Before you sell or give away your computer, erase the hard drive securely.
Properly erase your computer before Selling or Giving Away Your Mac.
If you are moving to a new Mac, remember to backup your machine to make transferring data easier.
Report security incidents.
If you use your computer to maintain or access sensitive institutional data and it is lost or stolen, notify the ITS Service Center.
Additional Best Practices
Consider these additional options for enhanced security for your computer and the data maintained on or accessed from it.
- Back up your data. Always keep a backup copy of files you do not wish to lose. Hard drives wear out and fail. Devices can be lost or stolen. The university offers several file storage options you can use. Check the Sensitive Data Guide to see which services are appropriate for certain types of sensitive institutional data.
- Choose web browser security settings that protect your privacy and enhance security.
- Be safe online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
- Put a sticker on your computer with your name and contact information. This low-tech, practical step enables somebody to contact you if they find your lost computer.
- Register your devices with DPSS. The U-M Police Department offers a free personal property registration program to members of the U-M community to deter theft and assist in the recovery of stolen property.
- Travel safely with technology. Take precautions when you are away from home to protect your privacy and the university's sensitive data.
Additional Resources
Related U-M Policies and Standards
- Responsible Use of Information Resources (SPG 601.07)
- Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)
- Unit-Specific Requirements for Self-Management of Personally Owned Devices that Access Sensitive Institutional Data (DS-07)
- Tech Tools: Cell Phones and Portable Electronic Resources (SPG 514.04)