Awareness : Security Awareness Tips

Abusing your Systems Privileges Can Lead to Termination

University of Miami workforce members must be aware of their responsibilities when given access to University information systems. Such access is a privilege and should only be used for legitimate, job-related activity. All University employees sign a Confidentiality and Acceptable Computer Use Agreement. Medical Campus employees also sign a HIPAA Confidentiality Agreement. Appropriate use of information systems apply to all workforce members regardless of tenure or rank. University systems, including UChart, Canecare, Kronos, DHRS and others contain audit trails that record user activity, including the specific records, dates and times accessed.

Accessing the accounts of friends, celebrities, relatives, coworkers, or other individuals is strictly prohibited unless you are specifically required to do so as part of your work-related responsibilities. You should not access any account unless you have a specific job-related need to do so. Snooping is not a permissible activity. Do not look up an individual’s information because you are curious, concerned or as a favor for someone else. How would you feel if someone was looking through your medical or financial records for non-professional reasons?  How would you feel if others were gossiping about the most sensitive medical secrets of your mother, father, son or daughter?

Audits are routinely performed on University systems and inappropriate access can result in disciplinary action up to, and including termination. In this regard, employees must guard their authentication credentials such as username and password. Do not share your password. You do not wish to be held accountable for actions committed by another workforce member using your username and password. If you suspect your password has been compromised, please change it immediately. Requirements to use strong passwords and change them on a regular basis are not meant to irritate but to protect.

When displaying or accessing sensitive information do not leave your workstation unattended for any extended period of time.  Before leaving, lock your workstation and/or close the relevant application (Windows users can use and select Lock computer). Use of a password-protected screensaver which activates after a suitable time (15 minutes or less, as suited to your environment) is recommended in case you are unintentionally away for longer than expected.

For more information

Posted: August 19, 2010