UNIVERSITY OF WISCONSIN River Falls
Information Security
Reviewing Your Technology Purchases
November 22, 2021
UWRF requires all software purchases to be reviewed by DoTS to ensure we are meeting UW information security policy requirements. This includes software as a service (web-based services) and “free” software. It is our obligation to keep the data we are entrusted with secure. The process begins with accessing the risk should a breach occur; reviewing vendors terms and practices; and ensuring we have the appropriate protections in place based on the identified risk. Therefore, it is important you have all applications and services reviewed by DoTS prior to purchase.
As we enter the holiday season, many of you will be purchasing technology. Here are a few ways you can apply the same principals to your personal purchases:
Always read the privacy policy. People have heard me say it over and over because it is true. This is your only protection when it comes to third-party data collection and sharing. Pay attention to the information collected and how it is used.
Look for evidence of encryption. If your data is encrypted, only you and the person or company on the other end can see it, not everyone else along the way. It is easy to see if a website is encrypted by looking for the lock icon on the address bar. With internet connected tech gadgets, it can be more difficult. Refer to the website above or check the manufacturer’s website for information.
Buy products and services from reputable vendors that offer regular security updates and actively work to address vulnerabilities. Every device you purchase should have the ability to be updated. Automatic updates are best, but manually checking for updates is okay if you remember to check on a regular basis.
Like common passwords, common pass phrases will get cracked quickly as well. Instead of using PleaseExcuseMyDearAuntSally, try something unique such as My2FavoritePorcupinesRideHorseback!
Always use strong passwords or pass phrases and never leave default passwords unchanged. Hackers use large lists of common passwords when performing attacks. Make sure yours are unique. FordF150! may seem like a good password, but it at the top of the list and would be breached in under a second. Common pass phrases will get cracked quickly as well. Instead of PleaseExcuseMyDearAuntSally, try something unique such as My2FavoritePorcupinesRideHorseback!
Use care with online purchases. Consider getting a separate credit card with a lower credit limit and charge limit. Most banks offer email or text message alerts, take advantage of them (but be wary, SMS message scams are on the rise). Payment services such as PayPal, Google Pay, Apple Pay may also provide enhanced protections. Avoid using debit cards for online purchases.
The Mozilla Foundation created an excellent resource to help you understand the risks associated with technology purchases. How creepy is that smart speaker, that fitness tracker, those wireless headphones? Now, you can find out. Clicking on a product leads to a page that includes information about the product. Can it snoop on you, what information does it collect, how is the information used, does it meet basic technical requirements, etc.? It also includes a creepy factor score based on user votes. If you are planning to purchase any holiday tech, I suggest checking out this site before you buy. https://foundation.mozilla.org/en/privacynotincluded/
I am a big fan of technology and automation. Play with the toys. Explore and have fun! Just be cautious and aware. A little information and a few basic protections can go a long way to keeping yourself protected online. And remember, please engage DoTS early when you are planning to purchase technology.
