Cybersecurity

The University has a responsibility to comply with applicable legal, regulatory, and contractual requirements with respect to safeguarding university information resources. Because the University operates in such a complex environment, a formal information security framework is necessary to promote compliance. At UNC Charlotte, we have adopted an international standard for information security controls – ISO/IEC 27002. This standard provides the framework for our Information Security Policy and all its supporting Standards and Guidelines. The information above provides guidance for the assessment of information security compliance for University employees and systems (campus and externally hosted).

More detailed information may be found in the Standards and Guidelines associated with University Policy 311 Information Security.

Protect Passwords and Access

You should treat your password as confidential information and not divulge it to anyone. Do not reuse your NinerNET password (or any password, ever) for another account. Do not store password information in a file unless you have applied a strong password on the file. Protect confidential and sensitive information on your device by locking, logging off, or shutting down. Lock your device if you’re leaving your workspace for the water cooler, log off if you’re heading to lunch, and shut down if you’re going home for the evening.

Use Two-Factor Authentication

Duo two-factor authentication adds an extra layer of protection to your NinerNET account by requiring two factors to verify your identity – “something you know” like your password and “something you have” such as your phone. Duo is a very effective method for preventing unauthorized access to many University systems, including Gmail, My.charlotte, Banner, Dropbox, Kronos, and Canvas. Students, employees, sponsored guests, and Emeriti Faculty are required to sign up for Duo two-factor authentication.

Sharing and Handling Files, Documents, and Data

Grasp the four levels of data classification and understand where data may be stored based on them. Limit access to those who have a need to know and are authorized to view the data. Never store confidential or sensitive University information on non-University cloud services. Delete files in the Downloads folder and empty the Recycle Bin frequently to ensure that sensitive/confidential University information is not stored in these locations.

If you need to transfer sensitive University information, first check the restrictions on how the data is to be handled, which may be governed by the Guideline for Data Handling, a Data Security Plan, or legal, regulatory, or contractual restrictions. If you plan to transfer sensitive University information to an external entity, please let the appropriate responsible party know that agreements are in place between the University and that entity. If you share a password-protected file with an authorized person/entity, the password must be sent separately.

Remote Access

The University’s secure VPN can add an extra layer of protection when accessing University resources from a remote location. If you plan to work from a mobile device, personal tablet, or computer, you must set a password, PIN, or swipe pattern for access. Additionally, be sure to adhere to the policies governing information security and acceptable use, as well as the corresponding standards and guidelines. If you plan to travel to another country with a University or personal laptop, tablet, or smartphone, please contact the Export Control department and the Economic Development Office.

Copiers, Printers, and Fax Machines

Use copiers, printers, and fax machines that are located in secure areas if you must transmit sensitive University information. Work with OneIT or our Information Security Liaison to ensure University devices are configured appropriately to secure University information in transmission. Do not use non-University devices to copy, print, or fax non-public University information.

Hardware Disposal, Reassignment, or Surplus

Ensure that data is erased before reassigning University-owned hardware and/or media within a department. Work with our Information Security Liaison to ensure that data has been properly removed by destroying, purging, or clearing it, based on the Guideline for hardware and media disposal, before disposal or surplus.

Compliance

For Employees

The Employee Checklist for Information Security acts as a guide to assist individuals in safeguarding University information resources in an appropriate manner. More detailed information may be found in the Standards and Guidelines associated with University Policy 311 Information Security.

For Campus Systems

The Information Security Checklist for campus systems should be used as a starting point to review information security related to the systems and services owned by each unit and/or college. These topic areas are supported by the Standards and Guidelines associated with University Policy 311 Information Security.

For Externally Hosted Services

The Information Security Checklist for Externally Hosted Services should be used as a starting point to review information security related to the systems and services owned by the unit, department, or college but hosted by a third party on an external network. These topic areas are supported by the Standards and Guidelines associated with University Policy 311 Information Security.