Individual users are responsible for the appropriate use of University computers, and for taking reasonable precautions to secure the information and equipment entrusted to them. Users are responsible for adhering to University policies and practices to ensure IT assets are used in accordance with policy guidelines, and reasonable measures are taken to prevent loss or damage of computer information and equipment. Further, they are responsible for reporting inappropriate use of University computers, breaches of computer security, and assisting in resolving such matters.
Destruction, theft, alteration, or any other form of sabotage of University computers, programs, files or data is prohibited and will be investigated and prosecuted to the fullest extent of the law.
Accessing or attempting to access confidential data is strictly prohibited. Confidential information should only be used for its intended purpose. Using confidential information for anything other than its intended use, without prior approval, is prohibited.
For more information please see the Information Technology and Communications Operating and Security Policy for Students, Faculty and Staff located on the CAU Web site.
Q: While I was on vacation, my supervisor used my computer and accessed some personal information I have stored on the hard drive. What can I do to prevent this kind of "snooping" in the future?
A: An individual's personal information stored on CAU-owned computer equipment is not confidential. As with personal e-mails, information that is stored or transmitted via CAU's information systems is not private communication.
Responsible Use of Technology
CAU provides a variety of computing resources including e-mail, Web hosting and Internet connectivity to its employees. These resources are a cost-effective way to conduct business. CAU wants to encourage the responsible use of computer technology by adhering to local, state and federal laws governing computer use. Violations of CAU computing resources include actions such as harmful actions towards minors, threats, harassment, use of obscenity, forgery, unsolicited e-mail, unauthorized access, collection of personal data, reselling services, service interruptions, physical security, copyright and trademark infringement among other things.
Q: I suspect that employees in my office are using their computers to conduct business that violates University policy. What should I do?
A: Report the suspected activities to your supervisor or the Compliance Office. The following information must be provided: the date and time of the alleged activity and a detailed description of the alleged activity.
System Access and Passwords
Attempting to access University computers without specific authorization is prohibited. Any form of tampering, including snooping and hacking, to gain access to computers is a violation of University policy, and carries serious consequences. Employees are required to turn off their computers at the end of the day, and when not in use for an extended period of time. This will help prevent computer security breaches and damage due to power surges. In addition, computer users must take other reasonable precautions to prevent unauthorized access of University computers.
Computer passwords are used to protect your computer, electronic files and other data. External attacks on computers often rely on weak passwords based on personal data and common words. By creating strong alpha numeric passwords you are protecting University data.
For more information on passwords, please see the Information Technology and Communications Operating and Security Policy for Students, Faculty and Staff located on the CAU Web site.
Q: Is it acceptable to share your password when you are in a crunch for time or will be out of the office?
A: No. You should never share your password. If additional passwords are required, follow the procedure established to request access. Individuals who share their passwords are accountable for actions taken under their login.
Q: I have trouble remembering passwords, so I just use my initials. Is this wrong?
A: Yes. Trivial or easily guessed passwords provide very little protection against unauthorized access to University resources. The University security rules require that you use a complex password such as a combination of letters, numbers and punctuation symbols, even if it's initially difficult to remember.
Computer Software and Software Licensing
The University does not own computer software, but rather licenses the right to use software. Accordingly, University-licensed software may be reproduced only by authorized individuals in accordance with the terms of the software-licensing agreements. Unauthorized copying, redistributing, and republishing of copyrighted or proprietary material are strictly prohibited. Copyright laws apply on the Internet as well.
Employees should direct questions about applicable software license agreements to their supervisor or OITC.
For more information, please see the Information Technology and Communications Operating and Security Policy for Students, Faculty and Staff located on the CAU Web site.
Q: My budget doesn't allow everyone to have a copy of a software program. Is it OK to copy the program from someone else's computer and put it on mine?
A: No. This is a violation of federal copyright laws. Check with OITC to determine whether a cost-effective site license is available for the program.
Individual users are responsible for securing their PCs and laptops. Stolen hardware must immediately be reported to Campus Security. If that theft results in the loss or compromise of sensitive information, the type and nature of the data lost will also be reported to the Security Manager, Office of Information Technology. Employees should never take personal laptops, flash drives, external hard drives, etc. off campus that contain social security numbers, individual health information, credit card data, financial information, student grades or personal financial information.