Information Security
Keep IT Private and Separate
“YOU” exist in digital form all over the Internet. It is thus important to ensure that the “digital YOU” matches what you intend to share. It is also critical to guard your privacy — not only to avoid embarrassment but also to protect your identity and finances!
The following are specific steps you can take to protect your online information, identity, and privacy.
- Use a unique password for each site. Hackers often use previously compromised information to access other sites. Choosing unique passwords keeps that risk to a minimum.
- Use a password manager. Using an encrypted password manager to store your passwords makes it easy to access and use a unique password for each site. While the university does not provide this service, it is still a good recommendation, even if you only use it for your personal business.
- Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly. Check the sharing settings on documents you store in OneDrive and the UTK-sponsored Google GSuite. It’s easy to accidentally give “everyone” access to the information. In some cases, EVERYONE means literally EVERYONE (in the world). Pay attention to the details.
- Guard your date of birth and telephone number. These are key pieces of information used for verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it. Although by themselves, your phone number and your birth date aren’t sensitive, when coupled with other information, they add to the picture of the digital YOU.
- Keep your work and personal presence separate. Your employer has the right to access your e-mail account, so you should use an outside service for private e-mails. A private e-mail account helps you ensure uninterrupted access to your private e-mail and other services if you switch employers. This is especially important now; DON’T re-use your non-expiring UT NetID password on other sites.
- There are no true secrets online. Use the postcard or billboard test: Would you be comfortable with everyone reading a message or post? If not, don’t share it.
- Use the security controls available in Zoom. There are several mechanisms available in Zoom to keep down the risk that you or your meetings are “bombed.” For example, if it’s strictly a UT meeting (all users have a NETID), use the “Require Authentication” setting. That will allow ONLY authenticated users into your meeting. Plus, you have the added security of 2FA as all of the users had to authenticate using 2FA to access your meeting. Check out OIT’s Zoom Security Recommendations in the Knowledge Base.
- Use the security controls available in Teams. The primary method for preventing unwanted individuals from joining your meetings is by setting up a waiting room within the Meeting Options, and then selecting who is allowed to bypass the waiting room.
- Only you – Use when you want everyone else to wait in the lobby until you’re ready to admit them.
- (Recommended) People in my organization – Use when you want all external guests (anyone outside your organization) to wait in the lobby so you can approve them one-by-one.
- People in my organization and trusted organizations – Use when you want some external guests to wait in the lobby so you can approve them one by one.
- (Not recommended) Everyone – Use when you don’t want anyone to wait in the lobby. You want everyone to be able to join your meetings without specific approval.