IT Security is the personal responsibility of each computer user.  The difference between a secure computer system and one that is vulnerable is how the users apply the security measures that are available.  The following measures are your computer security responsibilities.

Never share your user ID or password with anyone else.  Don't tape user IDs and passwords to desks, walls, or terminals, or write them down and store them in list finders, desk drawers, etc.  Do not save a user ID and password on the hard drive of a notebook computer.  Passwords should be a mix of letters and numbers and at least eight characters.  Avoid using any word found in the dictionary as a password. Never use personal information (names of family members, pets, etc.) for your password.

Either log off or use a password protected screen saver when you are away from your desk for a few minutes. Log off when you leave your computer for the day.

Never use software or files obtained from the Internet before scanning them for viruses.  Scan any floppy diskette that has been received from an outside source.  Insure that the current bureau licensed VirusScan software is installed and activated on your PC.

It is the responsibility of individual PC users to back-up their files.  Always keep back-ups of your files in a secure location.  Back-up files frequently.

Never use unlicensed software on your PC.  It is illegal to make copies of copyrighted software.

Always prevent unauthorized access to your files and data.  Lock up your diskettes and software, including manuals.

If you suspect someone has tampered with your files, report it immediately to your supervisor or the IT Security Manager.

Keep food, drink and other hazards far away from your PC or workstation.

Keep unauthorized individuals away from your equipment and data.  Challenge strangers.

Modems are not to be connected to PCS or workstations on the BLM Network.  A modem on a network PC is a backdoor to the network.

Report any computer security incident to the IT Security Manager on Form DI-1974, Computer Security Incident Report.