Security Awareness: General Best Practices for Security


While our security environment changes periodically (sometimes rapidly), there are still a number of best practices that apply. These apply to the use of computers and data in our institutional environment, as well as on personal devices. Best practices should be followed on any personal device used to access institutional data.

Best Practices

1.  Remember that, if you use a computer, you are always at risk.  Any institutional or personal data on the computer or accessible to the computer are at risk if the computer is stolen, lost or "hacked."  Even if data are not involved, a hacked computer may be used for file sharing, or as a platform to launch attacks against other computers and networks. In addition, you may be exposed to “viruses”, “worms”, and “Trojan Horses” - forms of software designed to compromise or damage your computer.

2.  Use strong passwords.  A good password should not be easily guessable. Hackers use dictionaries and computers to try ordinary words, and the first passwords they will try are your username or no password. The best passwords use combinations of letters (upper and lower case) and numbers or special characters. At first glance this type of password may seem difficult to remember, but it is not. The easiest thing to do is to remember a phrase and then abbreviate it. If my password were based upon the phrase “Three Blind Mice”, I might set it to 36lindm - using the number 3, substituting the numeral 6 for the letter b, and limiting it to 6 or 7 characters.

3.  Ensure that any computer you work on has an anti-virus application, and that the application automatically updates to receive the signatures of new viruses.  On your personal computer, you can add personal firewall software to limit or control Internet access to your computer.

4.  Keep the operating system and applications upgraded and current on any computer you use.  ISU has regular upgrade and patch update cycles to ensure this is happening on your institutional computer.   Updates like these close vulnerabilities in the software that a hacker may use to breach your computer.

5.  Keep your data backed up and don't retain more data than you need.  Less data or personal information means less risk. 

6.  If you handle sensitive data, such as Social Security numbers, at work, make sure you follow your area's best practices for protecting those data.  Data are vulnerable in many forms - printed, in email, and when stored in a location that is not as secure as it should be.  Follow institutional standards for data security.  For more information related to ISU data security standards, visit

7.  Do not load non-work-related software on your ISU computer.  Applications that you purchase or download may create problems with the software that is critical to your job, and they may also offer additional vectors for hackers.

8. A password-protected screen saver should lock the desktop after a set amount of time with no activity. 

