Working with UNM Data

UNM employees working with UNM data from any computer or mobile device, whether UNM-owned or personally owned, should comply with the following practices.

These practices help reduce the risk of security incidents and data breaches by maintaining UNM data in authorized UNM information systems where the data can be appropriately safeguarded.  These practices can also help protect our own Personally Identifiable Information (PII), when used incidentally on UNM-owned computers or mobile devices. As a rule:

  • Never store PII on UNM-owned workstations or mobile devices
    • Always use approved UNM academic, administrative, and research information systems (such as Banner) for storing PII
    • Always request supervisor approval and approval from the appropriate UNM Data Steward before initiating work with regulated UNM data, or data that otherwise has a defined Data Steward.  The appropriate systems with the appropriate controls must be used for academic, administrative, clinical, and research data
    • Always use a device with an up-to-date/ patched operating system:
      • For UNM-owned devices, these can be provided by:
        • UNM IT Enterprise Managed Systems and Services (EMSS) - Workstations area (formerly Workstation Management), or
        • UNM IT Campus Outreach & Engagement areas (i.e. IT Officers - ITOs)
      • For personally owned computers and mobile devices, always ensure those devices are up-to-date and that they:
        • Have a hard-to-guess security code or passphrase, and
        • Have a screen lock after no more than 5 minutes
    • Always enable encryption on your UNM-owned workstation or mobile device, especially if your job duties involve risk of PII being stored on that device, even temporarily
      • IT EMSS - Workstations and ITOs can assist in configuring encryption for your UNM workstation or mobile device
    • Minimize risk associated with the use of administrative privileges:
      • For UNM-owned devices:
        • Users shall use a standard (non-privileged) account to perform normal activities;
        • Users with administrative privileges shall use a separate account to perform elevated privilege activities;
          • Privileged accounts can be requested via existing support intake methods and provisioned in an enterprise directory service;
            • Exceptions to this requirement may be requested through your IT Officer, and must be accompanied by a description of the needs and issues that prevent compliance with this requirement.
              • IT units shall apply reasonable precaution and exhaust all reasonable efforts before provisioning administrative/elevated access
        • Users with both standard and privileged accounts shall use separate passphrases for each account and more complex passphrases for their privileged account(s)
    • Minimize risk associated with storing email (LoboMail) on non-UNM devices* by using:
      • LoboMail in a web browser; or
      • Microsoft Outlook for Android or iOS on your mobile device
    • Minimize risk associated with storing UNM business documents on non-UNM devices* by using UNM's Enterprise Office 365 environment which includes:
      • Office Online:
        • Excel
        • OneNote
        • Outlook (a.k.a. 'LoboMail')
        • PowerPoint
        • Teams
        • Word
      • One Drive for Business (document storage for Users); or
      • SharePoint Online (document storage for Workgroups)

* Please note that these all refer only to the online version of these Microsoft products. In addition to helping safeguard UNM email and business documents, this practice also helps keep UNM business records stored in UNM’s enterprise information systems and improves UNM’s responsiveness to public records requests, subpoenas, and other legal processes.

Following these steps to protect UNM data will help minimize the risk of data breaches due to computer or mobile device theft, loss, or user account compromise.


The ISPO utilizes the University’s enterprise ticketing system Help.UNM and intake services provided by the UNM Information Technologies (UNM IT) Service Desk, the University's central support organization for information technology-related services and computer-related issues.  All information security-related events, incidents, and requests are forwarded to the ISPO by UNM IT Service Desk Staff.  If you have feedback or questions regarding this document, please use Help.UNM or call the UNM IT Service Desk at 7-5757 to ensure that your request is opened, tracked, and processed in a timely manner.

 


Report an Incident

If you suspect that your NetID (i.e. LoboMail account) or a computer have been compromised and you need to know what to do, please see our FAQ

Abuse Report Form

- or -

Report Message: Junk

 - or -

Report Message: Phishing

 - or - 

Help.UNM Self Service

 - or -

UNM EthicsPoint


For more information, visit our Contact Information page