IT Security Office | IT Security Standards | Phishing | Security Liaisons | System Admin Resources | Highly Sensitive Data | CSIRT | SALT |

Everyone using a computer should be aware of and use good security practices with their systems to protect themselves and their organizations.

Protect Your Security

Antivirus Software License

Faculty and Staff have antivirus software installed on their Mason-owned equipment. Mason suggests specific free antivirus software for use on personal computers. For more information, see Does Mason provide antivirus software?

Be Aware of Phishing Messages

Never give out your Patriot Pass Password or other personal information via email. George Mason University will never ask for personal information over email. If you receive a suspicious email, delete it. If you aren't sure, forward it to support@gmu.edu so it can be assessed.

Responsible Use of Computing

Read and review the University Policy 1301: Responsible Use of Computing, which explains what constitutes acceptable and appropriate use of campus computing and network resources.

Basic Computer Security

All computer users should take the actions listed below, even if they do not have highly sensitive data stored on their computers.

  • Activate a Password Protected Screensaver
  • Use Strong Passwords for all of your accounts
  • Automatically receive critical updates
  • Use antivirus software and verify proper configuration
  • Back-up files as needed
  • Never open suspicious emails or attachments
  • Use SSL or HTTPS for online transactions
  • Reformat hard drive if owner changes
  • Use Secure Shell, HTTPS, VPN, or other encrypted client portals for transferring files
  • Follow best email practices
  • Browse safely
  • Use a modern and secure operating system that is supported by its manufacturer

If you need assistance implementing these steps, contact the ITS Support Center at 703-993-8870.

Highly Sensitive Data

To store Highly Sensitive Data (HSD) on your computer you are required to have formal authorization from a Chief Data Steward. Storing HSD on your computer without authorization is a violation of University Policy 1114: Data Stewardship.

To learn more about accessing and securing HSD, see Working with Highly Sensitive Data.

Screensaver Lock (Session Lock)

ITS implemented a security policy to prevent unauthorized access to data on Mason computers. After 30 minutes of inactivity, faculty and staff computers auto-lock with a screensaver and require users to input a password to access their computers. This policy does not apply to public space computers or computer labs.

Background on the Mason Session (Screensaver) Lock Standard

In compliance with the Commonwealth of Virginia’s Information Security Standard (SEC501-09), systems initiate a session lock after 30 minutes of inactivity.

Mason personnel and IT systems that are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) law or the Payment Card Industry Data Security Standard (PCI-DSS) implement the current applicable inactivity period. The current PCI-DSS standard is 15 minutes.

These standards safeguard access to shared university data and sensitive information (such as that protected by the Family Education Rights and Privacy Act (FERPA)).

Exceptions

If you feel that your computer qualifies for an exception to this policy, please contact the ITS Support Center at 703-993-8870 or support@gmu.edu.