Security Awareness: General Best Practices for Security

Introduction

While our security environment changes periodically (sometimes rapidly), there are still a number of best practices that apply.  These translate for use of computers and data in our institutional environment, as well as on personal devices.  Best practices should be followed on any personal device used to access institutional data.

Best Practices

1.  Remember that, if you use a computer system or device you are always at risk.  Any institutional or personal data on the computer system or device or accessible to the computer system or device are at risk if it is stolen, lost or "hacked."  And even if data are not involved, a hacked computer system or device may be used for file sharing, or as a platform to launch attacks against other computer systems, devices, and networks. In addition you may be exposed to “viruses”, “worms”, and “Trojan Horses” - forms of software designed to compromise or damage your computer.

2.  Use strong passwords and multi-factor authentication.  A good password should not be easily guessable. Hackers use dictionaries and computers to try ordinary words, and the first passwords they will try are your username or no password. The best passwords use a short phrase with a mix of numbers, upper and lower case letters, and a special character. If my password were based upon the phrase “Three Blind Mice”, I might set it to "3! Blind Mice" - using the number 3 and adding an exclamation point.

3.  Ensure that any computer system or device you work on has an anti-virus application, and that the application automatically updates to receive the signatures of new viruses.  On you personal computer system or device, you can add personal firewall software to limit or control Internet access to your computer system or device.

4.  Keep the operating system and applications upgraded and current on any coomputer system or device you use.  ISU has regular upgrade and patch update cycles to ensure this is happening on your institutional computer.   Updates like these close vulnerabilities in the software that a hacker may use to breach your computer system or device.

5.  Keep your data backed up (using O365!) and don't retain more data than you need.  Less data or personal information means less risk. 

6.  If you handle sensitive data, such as Social Security numbers, at work, make sure you follow your area's best practices for protecting those data.  Data are vulnerable in many forms - printed, in email, and when stored in a location that is not as secure as it should be.  Follow institutional standards for data security.  For more information related to ISU data security standards, visit https://indstate.teamdynamix.com/TDClient/1851/Portal/KB/ArticleDet?ID=58915

7.  Do not load non-work-related software on your ISU computer system or device.  Applications that you purchase or download may create problems with the software that is critical to your job, but they also may offer additional vectors for hackers. Recreational browsing and looking for 'free'  music, movies, books, and software often put ISU workstations at risk. We all need a break sometimes, but if necessary then try to minimize this activity to personal smart phones or other personal devices.

8. A password-protected screen saver should lock the computer system or device after a set amount of time with no activity. 

100% helpful - 1 review