Data security at the Law School is a cooperative effort. LawIT can provide firewalls, update your computer software with patches, lock down your machine with access restrictions, and provide other tools for preventing inappropriate access to the sensitive data used in the course of carrying out your duties. But a major part of security is user behavior. Most security incidents occurring at the Law School are a result of web browsing to infected web sites and clicking on email links with infected content.
Some safety tips:
Protection provided by the Law School
- When possible, rather than clicking on links, type them in manually
- Minimize browsing Web sites you are not familiar with
- Think before you click – Think twice before you click banner ads or pop-up windows
The Law School has several measures in place for protecting computers and the network:
Resources provided by the University
- The school is firewalled as a whole
- Each computer has a local firewall enabled
- Anti virus protection software is loaded on each computer and is updated regularly through the University
- Connected Backup is installed on each computer to provide daily backup of local files to the network, the purpose of which is to restore lost data from local machines.
- LawIT maintains regular backups of network servers. The purpose of these backups is to restore the system in case of data loss due to a system crash
- We have an incident response team for security incidents and questions who should be alerted by way of the work request system
- LawIT is upgrading to Windows 7 to improve the security posture of our users
- LawIT generally only gives 'User' level access to reduce the exposure of workstations
- LawIT uses computer patch management software to automatically patch Microsoft, Adobe, and Java products on school computers as needed
The threat landscape is constantly changing. To address this, the University has departments that keep up with all the changes and provide information and tips to the U-M community. Some of the issues tracked include phishing, virus outbreaks, security updates for operating systems and applications, and hoaxes. The links below and to the right point to some of the security services offered by the University.
The university's information page and recommendation for anti-virus software.
IT User Advocate
The IT User Advocate unit is dedicated to the responsible use of computing at U-M. The site includes information about e-mail issues, your rights and responsibilities as a U-M information technology user, and more.
Information and Infrastructure Assurance (IIA)
This ITS office oversees the big picture view of IT security at U-M and guides the University's IT Security Program. It works to proactively mitigate IT security risks.
Information Technology Policies at U-M
Includes policies related to e-mail privacy, information about ethical and legal use of softwre, password security tips, and more.
Private Personal Information (PPI)
As a member of the University community, you may have access to private, personal information (PPI) for employees, students, alumni, etc. It is essential that this PPI is protected. Protect other individuals' PPI with the same care and caution with which you would like your information protected.
Never save PPI to your workstation without consulting with LawIT about encrypting the data.
What is PPI?
PPI is Private Personal Information. It is information which can be used to uniquely identify, contact or locate a single person, or may enable disclosure of personal information.
Private Personal Information and Three Ways to Protect It
See more examples of sensitive data.
Why protect PPI?
NOTE: Any virus on any machine with PPI constitutes a security breach, according to the University Security group (IIA).
- Unauthorized disclosure of PPI may lead to identity theft or may otherwise harm the University or an individual
- It is required by U-M's Standard Practice Guide 601.12
- It is required by federal, state and industry regulations
Who should I tell if I recognize that PPI has been compromised?
Inform Kurt Kaiser, the Law School’s security administrator at email@example.com
Computer Patch and Power Management Patch Management Automatically and remotely deliver software fixes and patches to managed computers.
In order for LawIT to successfully perform security updates and patches to Law School computers to protect our machines from ever-increasing vulnerabilities and malware attacks, it is required that you turn off your computer at the end of your work day. Shutting down your computer at night and on weekends will ensure that your work is saved properly before the patches are applied. Not doing so could jeopardize the integrity of unsaved work. Your assistance will not only protect your computer from security threats but will also have a big impact on the Law School‘s efforts to save energy.
If there are reasons why you cannot participate in this process, please contact LawIT via the work request system.
BigFix patch management software can update and patch the following third-party Windows Applications.
Power Management Push power settings and monitor overall power usage of managed computers.
As part of the university’s green computing effort, the Law School is implementing power management strategies to reduce electricity consumption by default on local work computers. Power management is a feature that turns off computers or switches them to a low power state when not in use. Applying power management settings to faculty and staff workstations at the Law School will save substantial energy over time.
- After 15 minutes your monitor will go to sleep. To activate your monitor simply move/click your mouse or tap a key on your keyboard.
- After 30 minutes of inactivity the computer enters a state called standby. The power button on the workstation will slowly flash or go blank. Press your keyboard's space bar a few times to revive the system from standby and return it to its normal state. This may take a few moments.
If there are reasons why you cannot participate in this process, please contact LawIT via the work request system