Safe Computing Practices
- Use passwords that can't be easily guessed and protect your passwords.
- Don't share your passwords and avoid writing them down.
- Characteristics of good, cryptic passwords:
- Contain a mixture of upper- and lower-case letters, numbers, and symbols
- At least 8 characters in length (or longer if they're less complex)
- Difficult to guess (e.g. don't include real words or personal information like username, names of family members, places, pets, birthdays, addresses, hobbies, etc.)
- Easy to remember (so you don't have to write them down)
- Password protect all of your devices.
- Minimize storage of sensitive information.
- Delete sensitive information whenever you can. Keep it off of your workstation, laptop computer, and other electronic devices if at all possible.
- Don't keep sensitive information or your only copy of critical data, projects, files, etc. on portable or mobile devices (such as laptop computers, tablets, phones, memory sticks, CDs/DVDs, etc.) unless they are properly protected. These items are extra vulnerable to theft or loss.
- Beware of scams: Never reveal your password or click on unknown links or attachments. Be careful who you share your private information with.
- Don't respond to email, instant messages (IM), texts, phone calls, etc., asking you for your password. You should never disclose your password to anyone, even if they say they work for the government, bank, or other organizations.
- Only click on links from trusted sources. Never click on an unfamiliar link unless you have a way to independently verify that it is safe. This includes tiny URLs and any link where you can't tell where it will take you.
- Don't open unsolicited or unexpected attachments. If you can't verify an attachment is legitimate, delete it.
- Don't give private information to anyone you don't know or who doesn't have a legitimate need for it -- in person, over the phone, via e-mail, IM, text, Facebook, Twitter, etc.
- Beware of CRA scams and phony computer support scams. These are usually over the phone and threaten dire consequences if you don't act immediately.
- Protect information when using the Internet and email.
- Only use trusted, secure web pages when entering personal or sensitive information online. Don't log in to web sites or online applications unless the login page is secure.
- Look for https (not http) in the URL to indicate that there is a secure connection.
- Be especially careful about what you do over wireless. Information and passwords sent via standard, unencrypted wireless is especially easy for hackers to intercept (most public access wireless is unencrypted).
- Check your wireless preferences/settings to make sure your devices aren’t set up to auto-connect to any wireless network they detect. Auto-connecting to unknown networks could put your device and data at risk.
- Don't send data via email, text or instant message (IM). These are not generally secure methods of communication. Sensitive information should not be sent through email. Use a Secure File Transfer (SFT) service to send sensitive information.
- Be extremely careful with filesharing software. Filesharing opens your computer to the risk of malicious files and attackers. Also, if you share copyrighted files, you risk being disconnected from the campus network, as well as serious legal consequences.
- Make sure your computer is protected with anti-virus and all necessary security "patches" and updates, and that you know what you need to do, if anything, to keep them current.
- Shut down or restart your computer at least weekly -- and whenever your programs tell you to in order to install updates. This helps to make sure software and security updates are properly installed.
- Secure laptop computers and mobile devices at all times: Lock them up or carry them with you.
- In your office, at coffee shops, meetings, conferences, etc.
- Remember: Phones and laptops get stolen from cars, houses, and offices all the time.
- Make sure it is locked to or in something permanent.
- Shut down, lock, log off, or put your computer and other devices to sleep before leaving them unattended, and make sure they require a secure password to start up or wake-up.
- <ctrl><alt><delete> or <Windows><L> on a PC; Apple menu or power button on a Mac.
- Also set your computer and portable devices to automatically lock when they're not being used.
- Don't install or download unknown or unsolicited programs/apps to your computer, phone, or other devices.
- These can harbour behind-the-scenes viruses or open a "back door" giving others access to your devices without your knowledge.
- Secure your area before leaving it unattended.
- Lock windows and doors, take keys out of drawers and doors, and never share your access code, card or key.
- Be sure to lock up portable equipment and sensitive material before you leave an area unattended.
- Make backup copies of files or data you are not willing to lose -- and store the copies very securely.
- Secure Your Home Network
- Your router/modem is a physical device that controls who can connect to your network. Every device has a default password that is usually published by the manufacturer. Once installed, change the password on your router/modem to be a strong password that only you know.
- Configure your home wireless devices to use encryption. By using encryption, you can prevent other people from using your network. It would also prevent a hacker from connecting to your network and listening to the data being transmitted. They could steal your login credentials, banking information or other person information. You should configure your wireless access point to use the latest encryption.
- Securing Your Online Accounts
More than likely, you probably have a large number of online accounts on your computer and mobile devices. Here are some tips to secure your online accounts:
- Never reuse passwords between accounts. Consider using long passwords that are hard to guess or try using passphrases. Passphrase are passwords that have multiple words that are not related.
- Use two factor authentication wherever possible.
- On social media accounts, be careful what information you make public. Hackers can use the information you post to try and guess your password or security questions. Have you ever posted your childhood nickname? Favorite movie? The city your parents grew up in? Name of your high school? Favorite author? Each one of these can be used as answers for password reset security questions. If you post this information online, it could be possible for someone to reset your password.
- What To Do if You Have Been Hacked
No matter how secure you are with your password, how well you take care of your devices, you may get hacked. Here are some tips if you do get hacked:
- Change your online account password. Remember that the longer a password is the harder it is to guess. Or you could consider using passphrase. If you're having difficulty remembering your passwords, use get a password manager program. If you reuse a password, consider changing all your passwords to distinct individual passwords.
- You can check to see if any of your accounts have been involved in a major data breach at https://haveibeenpwned.com/.