Protect Your Security
Antivirus Software License
Faculty and Staff have antivirus software installed on their Mason-owned equipment. Mason suggests specific free antivirus software for use on personal computers. See Does Mason provide antivirus software? for more information.
Be Aware of Phishing Messages
Never give out your Patriot Pass Password or other personal information via email. George Mason University will never ask for personal information over email. If you receive a suspicious email, delete it. If you aren't sure, forward it to email@example.com so it can be assessed.
IT Security Office
The IT Security Office provides information, current tools, and guidelines to keep your computer secure. For information on keeping your computer and information protected, please go to the IT Security Office webpage.
Responsible Use of Computing
Take a few minutes to read and review University Policy 1301: Responsible Use of Computing that explains what constitutes acceptable and appropriate use of campus computing and network resources.
Basic Computer Security
All computer users should take the actions listed below, even if they do not have highly sensitive data stored on their computer.
- Activate a Password Protected Screensaver
- Use Strong Passwords for All of Your Accounts
- Automatically Receive Critical Updates
- Use Antivirus Software and Verify Proper Configuration
- Back Up Files As Needed
- Never Open Suspicious Emails or Attachments
- Use SSL or HTTPS for Online Transactions
- Reformat Hard Drive if Owner Changes
- Use Secure Shell, HTTPS, VPN, or Other Encrypted Client Portals for Transferring Files
- Follow Best Email Practices
- Browse Safely
Use a modern and secure operating system that is supported by its manufacturer.
If you need assistance implementing these steps, contact the ITS Support Center at 703-993-8870.
Highly Sensitive Data Authorization
To store Highly Sensitive Data (HSD) on your computer you are required to have formal authorization from a Chief Data Steward. Storing HSD on your computer without authorization is a violation of University Policy 1114: Data Stewardship.
Storing highly sensitive data on your office or laptop computer adds a risk that this protected data might be lost or stolen. If you are authorized to store HSD on your computer, you must have a protection program, such as encryption, in place to keep the stored data safe.
Before you begin the process of requesting authorization to store HSD, you should consider alternatives to storing the data on a computer. You might not need to store this data on your computer. Storing it on and accessing it from a secure network storage system could be one way to meet your business needs. Other options should be investigated, along with carefully examining why HSD is needed to perform your job.
If you truly believe your business need requires you to store highly sensitive data on your office or laptop computer, please submit an Authorization to Store Highly Sensitive Data Request Form from a Chief Data Steward.
Securing Highly Sensitive Data
Data in this category requires extraordinary protection because it has the potential to cause severe damage to people or the university if it is lost or accessed by unauthorized persons.
Examples include, but are not limited to: extensive personal information lists (sets of information that form a "complete picture" of a person); a file of passwords to other systems; police records; medical records; formulae for dangerous substances; bank account information; internal EEO accusations (or other information that would cause great personal reputational damage); crosswalks (lists that match two ID numbers like SSNs and G Numbers). These are just a sample of the type of data that requires extraordinary security measures.
Security at this level is best handled by in-depth consultation with the IT Security Office. Please contact the IT Security Office to arrange a consultation at 703-993-2906. If you need assistance implementing the Security Tips listed above, please contact the ITS Support Center at 703-993-8870.
Some Warnings About Highly Sensitive Data
No users are permitted to carry or store Highly Sensitive Data on any device, unless they have been authorized by their Data Steward, per University Policy 1114: Data Stewardship. See Authorization to Store Highly Sensitive Data Procedures.
NIST-certified encryption software must be used to protect Highly Sensitive Data on mobile devices. If you have been authorized by your Data Steward to carry or store highly sensitive data, please contact the ITS Support Center and request encryption.
Highly Sensitive Data should not be accessed remotely unless you are using a secure Virtual Private Network (VPN). Instructions for connecting to the VPN are available at Using 2FA with CISCO AnyConnect VPN.
Screensaver Lock (Session Lock)
During the spring of 2016, ITS implemented a new security policy to prevent unauthorized access of data on Mason computers. After 30 minutes of inactivity, faculty and staff computers will autolock with a screensaver and will require users to input a password to access their computers again. This policy does not apply to public space computers or computer labs.
Background on the Mason Session (Screensaver) Lock Standard
In compliance with the Commonwealth of Virginia’s Information Security Standard (SEC501-09), systems will initiate a session lock after 30 minutes of inactivity.
Mason personnel and information technology systems required to comply with the Health Insurance Portability and Accountability Act (HIPAA) law or the Payment Card Industry Data Security Standard (PCI-DSS) will implement the current applicable inactivity period. The current PCI-DSS standard is 15 minutes.
These standards safeguard access to shared university data and sensitive information (such as that protected by the Family Education Rights and Privacy Act (FERPA)).
If you feel that your computer qualifies for an exception to this policy, please contact the ITS Support Center at 703-993-8870 or firstname.lastname@example.org.