IT Security Guidelines at CPUT

With more and more people having access to the internet and computing devices, the amount of instances of user accounts being compromised has increased. Users at CPUT are no different. We are prone to hacking and phishing attacks which could result in data loss or theft both on an institutional or a personal level. 

It is important for staff and students to be aware of their responsibilities when using the computing services at the institution. It is also important to understand how to improve one's IT security so as to prevent user accounts from being hacked. 

The institution has developed two policies which provide guidelines for acceptable use and IT security for users. These policies are the Electronic Communication Policy and the Information Security Policy. They are available on the CTS-OPA web page. It can be downloaded and viewed by selecting the "CTS Documentation" tag and the "Policies" option.  Additionally, staff can access these policiies using the MIS portal. Select the documentation option and "Technical and Partnerships Policies" .

One of the key points is that it is the responsibility of the user to safeguard his or her electronic accounts. Just like keeping one's banking PIN secure, users of CPUT systems should ensure that the passwords of their user accounts are not known to others. Uses have a responsibility to keep data of the institution secure. Here are some guidelines which, if applied, will improve on IT security of a user account.

• Use a password that is a combination of letters, numbers and special characters
• Change your password regularly. Internal CPUT systems will usually force users to change passwords after 45 days.
• Don't allow anyone to see you entering your password.
• When you are leaving your PC or laptop, please logout or lock your PC. The CTS department is busy rolling out automatic lockouts on PC's when idle. However, the responsibility is on the user to keep their accounts secure by logging out.
• Especially if you are a user responsible for key data, like a financial administrator, not only is it important to adhere to the above principles, but you have a duty to protect the integrity of data. 
• If CPUT data is kept on local PC storage (not advisable), then the user is responsible for keeping properly secured backups.
• Care should be taken when accessing internet sites or using flash drives without the necessary virus scanning being performed.
• Any security breaches must be reported immediately to the office of the CTS Director.

The CTS department has also detected another security breach which negatively impacts on security and performance. The unauthorized installation of network  devices like routers could result in account hacking through backdoor access, virus outbreaks or performance degradation of the network. Users who wish to install such devices have the responsibilty to contact the CTS department for approval. If such devices are already installed, please bring this to the notice of the CTS department immediately. 

Using these guidelines will make CPUT a safer place for all IT users!