Top 10 Security Practices
1. & 2. Install anti-virus software and keep all computer software patched. Update operating systems, applications, and antivirus software regularly
Software can include bugs which allow someone to monitor or control the computer systems you use. In order to limit these vulnerabilities, make sure that you follow the instructions provided by software vendors to apply the latest fixes. Antivirus and anti-spyware software should also be installed and kept up to date. Did you know Cal Poly offers anti-virus software at no charge to all students, faculty and staff for their personal use? For more information, see: Viruses and Spyware and the Information Security Forum: Safe Computing presentation (PDF).
3. Use a strong password
Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember to change your passwords on a schedule to keep them fresh. Visit Cal Poly Password Manager for additional information and suggestions to ensure compliance with Cal Poly password requirements.
4. Log off public computers
Cybercafe's and hotel business centers offer a convenient way to use a networked computer when you are away from home or your office. But be careful. It's impossible for an ordinary user to tell what the state of their security might be. Since anyone can use them for anything, they have probably been exposed to viruses, worms, trojans, keyloggers, and other nasty malware. Should you use them at all? They're okay for casual web browsing, but they're NOT okay for connecting to your email, which may contain personal information; to any secure system, like the network or server at your office, bank or credit union; or for shopping online. (SANS.org). When using a public area computer, be sure to completely log off when you are finished using it. This will ensure that the next person cannot access your information. Please see our tips on traveling with devices and connecting to the Internet for more advice in this area.
5. Back up important information ... and verify that you can restore it
Due to hardware failure, virus infection, or other causes you may find yourself in a situation where information stored on the device you use is not accessible. Be sure to regularly back up any data which is important to you personally or your role at Cal Poly. StaySafeOnline offers tips on how to back up your important information. For university employees, confidential data backups or copies must be stored securely as stated in the Cal Poly Information Classification and Handling Standard. If applicable, check with your technical support staff to determine if a server-hosted solution is available to meet your needs, as this will better ensure that your data is protected and available when you need it.
6. Keep personal information safe
Be wary of suspicious e-mails
Never respond to emails asking you to disclose any personal information. Cal Poly will never email you asking for your personal information. A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account (SANS.org). Embedded links may also include viruses and malware that are automatically installed on your computer. Cal Poly makes every effort to prevent viruses and other malicious content from reaching your campus email account, but even emails which appear to be from a trustworthy source may be forged. Exercise caution, and when in doubt do not follow links or open attachments from a suspicious message or someone you know unless you are expecting it. View our Safe Computing Presentation (PDF) and our What is Phishing? page for more information.
Pay attention to browser warnings and shop smart online
When we visit a web site, we all just want it to work. So, when a warning pops up to impede progress, instead of accepting it, it's worth slowing down to understand the risks. View the Security Certificates - Warning to protect yourself against identity theft. Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or "faked" sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site's URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window (SANS.org). Think about using a virtual credit card or pay pal account to make the transaction instead of your credit card or debit card. More information and online shopping tips can be found at StayStafeOnline and Privacy Rights Clearinghouse.
Use secure Wi-Fi connections at home and away
Is your Wi-Fi network at home password-protected? It should be. Not having your router encrypted is an open invitation for a "bad guy" to gain access to data stored on your home PC and any other connected devices. For information to secure your wireless router at home, visit our wireless home network security presentation (PDF).
A public network is a network that is generally open (unsecured) allowing anyone access to it. These networks are available in airports, hotels, restaurants, and coffee shops, usually in the form of a Wi-Fi (wireless) connection. When you connect to a public network, your online activities and data transmissions can be monitored by others, and your device may be at risk to a potential attack. Please see our traveling with devices and connecting to the Internet page for safety tips on how to use them.
7. Limit social network information
Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks have become an integral part of our online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post. Learn how to use the privacy and security settings to protect yourself, keep personal information personal, know and manage your friends, know what to do if you encounter a problem. For these and more tips, check out the StaySafeOnline Social Networks page and the Privacy Rights Clearinghouse fact sheet on Social Networking Privacy.
8. Download files legally
Avoid peer-to-peer (P2P) networks and remove any file-sharing clients already installed on your system. Since most P2P applications have worldwide sharing turned on by default during installation, you run the risk of downloading viruses or other malware to your computer, and having your personal and/or confidential information inadvertently shared across the Internet, which could lead to identity theft. This is in addition to having your access to the Cal Poly network suspended if your device is identified as illegally sharing movies, music, TV shows or other copyrighted materials. For more information, see Cal Poly's FAQs on Copyright Infringement and File Sharing and P2P File Sharing Risks by OnGuardOnline.
9. Ctrl-ALt-Delete before you leave your seat! Lock your computer when you walk away from it
When leaving your computer unattended, physically secure it to prevent theft and lock the screen with a password to safeguard data. Or this might happen to you:
"I sent an email to your boss letting him know what you really think of him". This Notepad message was on my screen when I got back to my cubicle after getting up to stretch my legs. What? I had been gone for 180 seconds -- three quick minutes. Lucky for me, the note turned out to be from our systems administrator who wanted to make a point. All it takes is about one minute for a disgruntled colleague to send a message on your behalf to the boss and there is no way for you to prove you didn't send it. In about 30 seconds, a cracker could install a keystroke logger to capture everything you type including company secrets, user names and passwords. In about 15 seconds, a passerby could delete all your documents (SANS.org).
10. Secure your laptop, smart phone or other mobile devices
Every time a laptop computer or other portable devices are lost or stolen, the data on that device has also been stolen. If Cal Poly data is lost, accessed, or compromised as the result of a laptop, tablet, smart phone or other mobile device theft, the resulting damage can be much greater than the cost of replacing the equipment. Don't store personal data on laptops, smart phones, tablets or other mobile devices. Secure your mobile device with a password or PIN. Set an inactivity timeout and encrypt. View these and other mobile device security tips at StaySafeOnline.
If you're like most people, you've probably accumulated a lot of personal information on your phone. This valuable data makes phones a target for thieves and cybercriminals. Your phone is basically a computer and requires, patches, antivirus and anti-malware applications, as well as password protection. Most manufacturers have information on their websites and should have documentation to walk you through the security settings. We recommend that you don't store confidential information on your mobile device unless you have proper security measures in place. App stores for both iPhone and Android phones have good security applications for free, but you may have to do some research to ensure the product is safe. When choosing a mobile antivirus program, it's safest to stick with well-known brands. Otherwise, you risk getting infected by malware disguised as an antivirus application.
Those are just a few helpful hints to keep you and your devices and information secure. Please visit the following sites for more tips on how to protect yourself:
Remember, If you are unsure about something, ask for help!
Learning about information security and safe computing needn’t be a daunting task. If you have questions and you're unable to find the information on our site, please let us know. Our contacts section is a great place to start.