Information security – Checklist for employees

Background

Information is one of our most important assets and is a prerequisite for conducting our operations. Information assets comprise everything that
contains information and everything that carries information. This includes, for example, information and information processing systems, software, physical
assets and hardware, services, people and intellectual property.

Consequently, our information assets must be managed and protected in a satisfactory manner with a comprehensive approach to information security
that encompasses all of the university's activities. This is because secure information management comprises a prerequisite for our ability to fulfil our mandate to provide education, conduct research and interact with society.

The following list is intended for employees of Umeå University and is designed as an aid to day-to-day operations.

  1. Exercise caution with the passwords to your computer and telephone, and lock your door.
  2. Be sure to make backup copies, update antivirus software and install software updates on computers/mobile devices. Older software versions can contain vulnerabilities. Check which guidelines apply.
  3. Consider your surroundings when handling information, such as calls, printouts and screen content.
  4. Only use IT services that are approved as regards both information security and personal data management. Services procured and provided by ITS fulfil all established criteria.
  5. Beware of phishing and similar attempts to use malicious e-mails or web forms to deceive you into providing personal data. The university's IT personnel will never ask for your password by email.
  6. Do not use cloud services to store personal data or other sensitive information and remember not to send sensitive information by email.
  7. Browse wisely. You need only visit a malicious website and your computer/mobile device can be infected with malicious code. Report incidents to abuse@umu.se – they can also provide advice and assistance.
  8. Report your personal data processing activities to the university's personal data representative pulo@umu.se.
  9. Ensure that information which is to be kept is archived; prepare for archiving when you begin collecting the information.
Lisa Redin
1/20/2020