Top 10 Security Practices
1. Keep your computer software patched. Update operating systems, applications, and antivirus software
Software can include bugs which allow someone to monitor or control the computer systems you use. In order to limit these vulnerabilities, make sure that you follow the instructions provided by software vendors to apply the latest fixes. Antivirus and anti-spyware software should also be installed and kept up to date. For more information, see: Viruses and Spyware and the Information Security Forum: Safe Computing presentation (PDF).
2. Be wary of suspicious e-mails
A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account (SANS.org). Embedded links may also include viruses and malware that are automatically installed on your computer. Cal Poly makes every effort to prevent viruses and other malicious content from reaching your campus email account, but even emails which appear to be from a trustworthy source may be forged. Exercise caution, and when in doubt do not follow links or open attachments from a suspicious message, or from someone you know, unless you are expecting it. View our Safe Computing Presentation (PDF) and our What is Phishing? page for more information.
3. Use a strong password
Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember to change your passwords on a schedule to keep them fresh (SANS.org). Visit Cal Poly Password Manager for additional information and suggestions to ensure compliance with Cal Poly password requirements (PDF).
4. Pay attention to browser warnings and shop smart online
When we visit a web site, we all just want it to work. So, when a warning pops up to impede progress, instead of accepting it, it's worth slowing down to understand the risks. View the Security Certificates - Warning to protect yourself against identity theft. Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or "faked" sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site's URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window (SANS.org). Think about using a virtual credit card or PayPal account to make the transaction instead of your credit card or debit card. Additional information and tips can be found at Privacy Rights Clearinghouse.
Every time a laptop computer or other portable device is lost or stolen, the data on that device has also been stolen. If Cal Poly data is lost, accessed, or compromised as the result of a laptop, PDA, or other mobile device theft, the resulting damage can be much greater than the cost of replacing the equipment. Don't store personal data on laptops, PDAs, or other mobile devices. View laptop security tips and quick facts at OnGuardOnline.
6. Back up your data… and verify that you are able to restore it
Due to hardware failure, virus infection, or other causes you may find yourself in a situation where information stored on the computer you use is not accessible. Be sure to regularly back up any data which is important to you or your role at Cal Poly. Confidential data backups or copies must be stored securely as stated in the Cal Poly Information Classification and Handling Standard. If applicable, check with your technical support staff to determine if a server-hosted solution is available to meet your needs, as this will better ensure that your data is protected and available when you need it.
7. Use secure Wi-Fi connections
Is your Wi-Fi network at home password-protected? It should be. Not having your router encrypted is an open invitation for a "bad guy" to gain access to data stored on your home PC and any other connected devices. For information to secure your wireless router at home, visit our wireless home network security presentation (PDF).
8. Avoid public computers
Cybercafes and hotel business centers offer a convenient way to use a networked computer when you are away from home or your office. But be careful. It's impossible for an ordinary user to tell what the state of their security might be. Since anyone can use them for anything, they have probably been exposed to viruses, worms, trojans, keyloggers, and other nasty malware. Should you use them at all? They're okay for casual web browsing, but they're NOT okay for connecting to your email, which may contain personal information; to any secure system, like the network or server at your office, bank or credit union; or for shopping online (SANS.org).
9. Lock down smartphones
If you're like most people, you've probably accumulated a lot of personal information on your phone. This valuable data makes smartphones a target for thieves and cybercriminals. Your phone is basically a computer and requires patches, antivirus and anti-malware applications, as well as password protection. Most manufacturers have information on their websites and should have documentation to walk you through the security settings. We recommend that you don't store confidential information on your mobile device unless you have proper security measures in place. App stores for both iPhone and Android phones have good security applications for free, but you may have to do some research to ensure the product is safe (Eweek.com ie: apps). When choosing a mobile antivirus program, it's safest to stick with well-known brands. Otherwise, you risk getting infected by malware disguised as an antivirus application.
10. Ctrl-Alt-Delete before you leave your seat! Lock your workstation when you walk away from it
"I sent an email to your boss letting him know what you really think of him". This Notepad message was on my screen when I got back to my cubicle after getting up to stretch my legs. What? I had been gone for 180 seconds -- three quick minutes. Lucky for me, the note turned out to be from our systems administrator who wanted to make a point. All it takes is about one minute for a disgruntled colleague to send a message on your behalf to the boss and there is no way for you to prove you didn't send it. In about 30 seconds, a cracker could install a keystroke logger to capture everything you type including company secrets, user names and passwords. In about 15 seconds, a passerby could delete all your documents (SANS.org).
Remember, if you are unsure about something, ask for help!
Learning about information security and safe computing needn’t be a daunting task. If you have questions and you're unable to find the information on our site, please let us know. Our contacts section is a great place to start.