Compliance Tips On Internal Controls and Cyber Security

October 21 2009

Charlotte Mayor Pat McCrory recently declared October “UNC Charlotte Cyber Security Awareness Month.” In honor of this event, the Internal Audit Department offers compliance tips on what computer users should do to inhibit the unauthorized use of the University’s information systems.

Don’t share passwords – even among colleagues. Have a different password for personal activity such as online banking.

Avoid using easily guessable information to construct a password – particularly personal information that might be publicly available.

Don’t open e-mail or attachments from unknown senders.
Promptly report attempts to obtain user personal information from suspicious persons and other spam e-mails to stopspam@uncc.edu.

Never provide personal account information (login name and password, ID number or personal financial information) by e-mail, phone or in any communication method.

The University’s standards for responsible use of information system resources are described in Policy Statement No. 66 “Responsible Use of University Computing and Electronic Communication Resources.” Faculty and staff who maintain Web pages hosted on University servers should be familiar with the standards contained in Policy Statement No. 8 “World Wide Web.” The entire set of IT policies is available on the legal affairs Web site and provides guidance for all facets of operations related to information technology systems.

Tom York, director of internal audit, noted, “While a determined hacker may find a way to defeat our security measures, supervisors and users can make that much more difficult by following the standards laid out in our policies.”

Direct questions about IT policies or procedures to the Office of the CIO at ext. 7-8495 or contact the IT Help Desk at ext. 7-3100.