Technology Use Policy (formerly Appropriate Use Policy)

Approved By: President
Effective Date: June 26, 2023
Revision Date: June 25, 2024

POLICY STATEMENT

The purpose of this policy is to define the appropriate use of Western Illinois University (WIU) information, computing, and communication resources by all users. These services, known collectively as computing resources.

SCOPE (WHO SHOULD READ THIS POLICY)

WIU Technology Use Policy applies to any individual who utilizes WIU-owned or contracted computing resources (known collectively as all users). Users include, but may not be limited to: staff, faculty, alumni, retirees, vendors, subcontractors, students, and prospective students.

DEFINITIONS

  • Computing resources: Any resource used to perform computing operations/processes, such as a tablet, laptop, desktop computer, phone, flash drive, CD, camera, smart television, etc.  This would include 3rd party hosted applications which process or utilize WIU data.

POLICY

WIU provides computing resources to its staff, faculty and students to support the University’s mission. All university-owned computing resources are the sole property of the university. Use of computing resources must be appropriately authorized and limited to University-use only. Personal use of university computing resources is strictly prohibited. Users are prohibited from sharing access to any computing resources they have been granted access to unless permission for the additional party is expressly permitted. Users should be aware that all university computing resources are subject to Freedom of Information Act (FOIA) requests. Users should assume no rights to privacy while utilizing University computing resources. The University retains the right to track and monitor computing resources at any time. Use of university computing resources is a privilege and not a right. All members of the university community are given notice of this policy by virtue of its publication.

Users are responsible for all activities originating from their account(s) and device(s), including all information sent from, intentionally requested, solicited or viewed from their account(s)/device(s). In order to educate users on appropriate cyber security practices and recognize cyber security incidents, all employees will be required to complete security awareness training within 30 days of initial employment and annually thereafter. In addition, all employees who fail phishing tests will be required to complete phishing awareness training.

All WIU owned devices are required to have the following security applied:

  • Automated patching and updates for software and operating systems, as available
  • Hard drive encryption
  • Screen lock after 15 minutes of inactivity
  • Login/password protection at login
  • Up-to-date antivirus and malware protections
  • Disable auto-run
  • Rename local admin account

Users are prohibited from directly connecting to university computing systems or network from a personal device. Connection from a personal device to university computing systems and/or network should be through approved, University-provided VPN connections only. Even utilizing approved methods, users are responsible for the security of their personal devices. Users must ensure their personal computing devices used to access university systems and data are free from malware and viruses. Devices should be kept up to date with security patches and updates for operating systems and any installed software. Personal devices, such as personal laptops and cell phones are required to use the “WIU-OPEN” wireless network for connectivity.

Users of university computing systems or data are required to take appropriate measures and due care to protect university computing systems and data and avoid damage. University computing resources may not be used for any of the following purposes or for any purpose which is illegal, immoral, unethical, dishonest, damaging to the reputation of the University, inconsistent with the mission of the University, or likely to subject the University to liability. Unauthorized uses include, but are not limited to:

  • Attempts to circumvent the security mechanisms of any university system.
  • Attempts to degrade system performance or capacity, or attempt to damage systems, software or intellectual property of others.
  • Unauthorized viewing or use of another person’s computer files, programs, accounts, and data.
  • Unauthorized use of copyrighted materials or trademarks.
  • Use of computing resources to promote, help, finance, or support any political activities, including but not limited to promoting or supporting an individual, group, or organization campaigning for an elected office.
  • Providing unauthorized access to computing resources such as sharing of passwords or logging in to a University system for another person’s use.
  • Use of computer accounts, access codes (including passwords), or any unique identifier assigned to others.
  • Disruption or unauthorized monitoring or scanning of university computing resources.
  • Accessing data or computing resources without proper authorization.

Use of university computing resources by faculty and staff, including student workers, while at work and/or performing the responsibilities of their position, should be consistent with the university mission, this policy, other university policies, and other applicable state and federal laws and regulations, including the State Officials and Employees Ethics Act (SOEEA). All users of university computing resources must comply with all federal, state and other applicable laws; all generally applicable Board of Higher Education and university rules and policies; and all applicable contracts and licenses. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.

Bring Your Own Device

All non-University owned devices are prohibited from the WIU secured network (wired or wireless). Personally owned devices are only permitted by students on the Residence Hall networks. Personally owned devices are only permitted on the “WIU-OPEN” wireless network for faculty, staff, students and guests. Device is a general term used broadly to describe any device that connects to the internet. The following list is provided only to give examples and is not inclusive nor representative of all devices that may have internet connectivity.

Examples of personal computing devices prohibited from connecting to the WIU secured network:

  • Tablets
  • Desktop computers
  • Laptops
  • Mobile phones
  • Raspberry pies
  • Gaming systems
  • Smart watches
  • Fitness trackers
  • Televisions
  • Amazon and Google devices such as an Echo or Dot
  • Smart headphones
  • Smart appliances (i.e. coffee makers)

RESPONSIBILITIES (Implementation and Enforcement)

University Technology is responsible for, implementing, enforcing, updating and maintaining this policy.

RESOURCES