Physical security is one of the most overlooked — and most effective — layers of IT security. Learn how to protect your workspace, devices, and university data from threats that don't require a single line of code.
Why physical security matters
Most people think of cybersecurity as a technical problem — firewalls, passwords, encryption. But some of the most damaging security incidents start with something much simpler: someone walking into an unlocked office, picking up an unattended device, or plugging in a USB drive they found in a parking lot.
Physical access often bypasses every technical control. A person sitting at an unlocked, logged-in computer has access to everything on it — no password required. Good physical habits are not optional security hygiene; they are a core part of protecting NCU data and your own.
Securing your workspace
Habits that prevent the most common physical security incidents
- Lock your office every time you leave — including short trips. A bathroom break is long enough for someone to photograph a screen, copy a file, or take a device. Make locking the door a reflex, not a consideration.
- Be aware of who is in your space. If someone unfamiliar is in your immediate work area and their presence hasn't been explained, it's reasonable to ask if they need assistance. If they're behaving suspiciously or refuse to leave, contact NCU Security immediately.
- Be aware of shoulder surfing. In shared or public areas — classrooms, common rooms, coffee shops — people nearby can read your screen. Position your screen away from foot traffic when working with sensitive information.
- Never write down passwords. Not on paper, not on a sticky note, not taped under a keyboard or monitor. If you need help managing passwords, use a password manager — ask IT for recommendations.
- Don't leave sensitive documents unattended. Printed reports, student records, or any document containing personal or institutional data should be locked away or shredded — not left on a desk when you're away.
Securing your devices
When stepping away from your desk
- Lock your screen every time. Windows: Win + L. Mac: Cmd + Ctrl + Q. Make it automatic — set your screen to lock after 5 minutes of inactivity at most.
- Never leave a logged-in laptop unattended in a public space. A coffee shop, library, or conference room is not a safe place to leave an open device, even briefly.
- Enable Find My / device tracking. If your device is lost or stolen, tracking software gives IT and law enforcement the best chance of recovery.
If a device is lost or stolen
- Report it to IT immediately: 612.343.4170 or the IT security incident form.
- IT can remotely wipe an NCU-managed device to prevent unauthorized access to university data.
- Change your NCU password immediately — assume any saved credentials on the device are compromised.
- File a police report if the device was stolen — your insurance may also require it.
Physical media and USB drives
Never plug in a USB drive you didn't purchase yourself
USB drives found in parking lots, handed out at events, or left on desks are a well-documented attack vector. Plugging in an unknown drive can silently install malware before you've opened a single file. If you find a suspicious drive plugged into a university computer, remove it and contact IT immediately — do not open any files on it first.
If you must use a USB drive for university data
- Avoid it where possible. OneDrive (staff and faculty) and Google Drive (students) provide secure, accessible cloud storage that doesn't carry the loss and theft risk of a physical drive. Use those first.
- Encrypt the drive if you must use one. Encryption is built into Windows (BitLocker) and macOS (Disk Utility). An encrypted drive is unreadable without the passphrase even if lost or stolen.
- Never store sensitive university data — student records, financial data, personal information — on a USB drive. The risk of loss is too high and may carry legal or regulatory consequences for NCU.
- If you lose a drive containing university data, report it to IT immediately via the IT security incident form. Depending on what was on it, NCU may have legal notification obligations.
Reporting an incident
Phone 612.343.4170
In person IT Service Desk, Miller Hall