1. Be smart with your passwords
Passwords may not be easy to manage, but you can take a few easy steps to make sure they stay safe. After all, they control access to everything from your desktop computer to bank account – so managing them properly means you can protect a lot more private information than you think!
- Don’t use the same password for more than one site or application. If you do, the hacking of only one site can lead to your password being leaked to the public, meaning malicious hackers now have access to all of your accounts.
- The longer and more complex your password is, the more difficult it is for hackers to guess what it is. Come up with a passphrase (below) or use passwords that are at least twelve characters long, have multiple numbers and symbols, and don’t contain any dictionary words. The fewer of these elements a password contains, the more quickly a hacker can guess what it is.
- Choose passwords that aren’t easy to figure out for anyone but yourself. You may come up with a passphrase instead by taking a sentence and changing its capitalization, adding symbols in recognizable or memorable locations, replacing letters with numbers, and avoiding the use of any words that might be in the dictionary. For example, taking the sentence “My poodle’s name is sam” and turning it into a passphrase may result in something like “MyP00dlEzNam3IsSam!2016”. While it might seem difficult to remember, doing things like replacing “O’s” with zeros, changing an “S” to a “Z”, replacing certain letters like “E” with numbers like “3”, and adding other numbers and symbols, like an exclamation point or the year you adopted Sam, have a large difference in making a password significantly more secure.
- Don’t share your password or post it anywhere. Storing passwords under mouse pads, keyboards, on computer monitors, or in another easily accessible or guessable location close your computer is a poor security practice. In such cases, anyone who has physical access to your computer can gain access to it. You may also decide to use a password manager (below).
- Use a password manager like 1Password or LastPass to store your passwords safely on your smartphone or computer. Services such as these safely store your passwords for you and manage the process of remembering them for each site you use or account you have.
- Use two-factor or multi-factor authentication whenever available. Similar to how Duo works at USC, using two-factor authentication on other sites you use where it is available means that even if someone guesses or obtains your password, they cannot access your account without access to your phone. Most large web sites today have this feature available. Search the site’s help section for more information or click here to visit a site which can help determine whether certain services have two-factor authentication available.
- Change your passwords every few months.
2. Be wary of social engineering and phishing scams
Cyber criminals are getting more and more sophisticated and savvy in their attacks, so it’s more important than ever learn to spot their tricks and, in turn, keep your information safe. A phishing attack is a malicious attempt to obtain private information by posing as an otherwise trustworthy or legitimate source. A social engineering attack is very similar to a phishing attack, except it attempts to psychologically manipulate someone into taking an action or disclosing information they might not have otherwise provided. Here are a few tips for preventing yourself from getting tricked:
- Don’t respond to emails or phone calls asking for personal or sensitive business information, including confidential files, usernames or passwords, account numbers, or medical or payment information.
- Don’t open email attachments unless you can verify the authenticity of the sender. If you have even the slightest doubt about the authenticity of an email or its sender, don’t open it! You can usually verify the authenticity of an email or request yourself and through a separate channel than where the request came in. For example, if a fellow employee asks you for account information via email, but the request came from a different address than they normally use, ask them in-person about the authenticity of their request.
- Never, ever reveal your personal credentials or login information to anyone else. IT staff will never ask for nor need your password, and your supervisor or co-workers should never need or have access to it either.
For more information on determining whether an email is authentic, click here.
3. Keep your computer up-to-date & safe from malware
Not updating your computer and not running antivirus software are some of the easiest ways you can become infected with malware. While generally used often by most computer users, vulnerabilities in Adobe Acrobat, Adobe Flash, and Java are some of the most common ways hackers can gain access to your system.
To stay safe, turn on automatic updates in common software you use and in your operating system. Additionally, install antivirus or antimalware software – it’s free for USC staff, faculty and students! For updates Windows Computers, set Windows Update to download and install updates automatically. For updates on Mac OS X computers, check for updates in the Mac App Store on a regular basis.
Third-party applications, included the ones listed above, also require updates. Check in the settings or configuration pages of each application you install to be sure that automatic updates and enabled and installed. It’s also a good idea to routinely verify that updates are installing properly.
Provost IT computers are automatically kept up-to-date on a regular basis, both for Windows Updates and for other common software installed by Provost IT (Adobe Flash, etc.). For more information on this process, click here.
4. Only connect to trusted wireless networks
Connecting to secure wireless networks is an important habit to develop to ensure the safety of your data on mobile devices. Whether you’re on a laptop, tablet or smartphone, being smart about the wireless networks you connect to is a step worth taking to protect your data. Did you know that freely available and easy-to-use online tools allow hackers to read all the data you transmit and receive from your computer if you’re not connected to a secure wireless network? Check out the steps below to learn how to stay safe when connecting without wires:
- Make sure that you’re only connecting to encrypted networks which require a password. One of the ways you can verify this is by looking for a lock icon next to the name of the network you’re connecting to. Other times, an unsecure network might have an alert shield next to it depending on the computer or device you are connecting with.
- If you’re on campus, use the USC Secure Wireless network only. Staff, faculty and students with USCNet IDs should never use the Guest Wireless network as it is not secure.
- If connecting to an unsecure network is the only option, turn on the USC VPN as soon as you connect. This will help make sure that traffic you send over the network is encrypted, even if the network itself is not.
- Be especially cautious of networks in public locations, such as restaurants, coffee shops, airports and other shared areas. Networks in these locations often have no security restrictions which can put your computer and its data at risk.
- If you’re at another university, connect to their secure eduroam network if it is available. This network is a partnership between USC and many different universities around the world which lets you securely access the internet at participating institutions using your full USCNet ID email address (email@example.com) and USCNet ID password to log in.
5. Limit what you post on social networks
Social networks might be fun, but they can often reveal more about you than you think to strangers. By using common sense and taking a few simple steps, you can make sure that every like, retweet, share and status update is done with safety and security in mind.
- Don’t post any information that may give away your location. Thieves and hackers can easily use this information to take advantage of you when you might not be near a computer, or when you’re away from home or at work. Reconsider before posting anything with a geotag and ask yourself if people really need to know where you are posting from.
- Regularly check your personal privacy settings on any social network you use. Sites like Facebook offer a “Privacy Checkup” you can take to make sure that the settings you have set align with your expectations for privacy.
- Don’t post or send personal information on any social media site – even to those you trust. While it may seem secure, you have no idea if the recipient’s account is safe. Also, personal information can be used to attempt to rest your passwords to web sites without your knowledge.
- Be smart about what you post, and don’t post anything on a social media site or app you wouldn’t want to be seen publicly. Even if it’s marked as private, things on the internet truly live forever – and forever is a long time.
6. Backup your data
Accidents happen. Whether it’s spilling coffee on your computer, accidentally deleting an important file, or something worse, it’s important to take regular backups of your computer to ensure your data is safe. Most backup services securely encrypt and then send files on your computer to the cloud, where a second copy is kept with a provider of your choosing. This process generally happens in the background once you install specific software, so there’s often nothing you need to do aside from picking a provider and installing their app on your computer.
Provost IT-supported users all have access to a U: and G: drive to store files safely off of their computer. Both of these network drives are backed up automatically and frequently, so you don’t need to worry about this process. It’s important to use these drives and not store anything on your actual desktop computer or laptop, per Provost IT’s local file storage guidelines.
For personal devices and computers, consider a service such as Crashplan or Carbonite. For as little as a few dollars per month, each service will automatically backup your important files to an offsite location. By doing this, anytime something happens to your computer or your data, getting files back is as simple as downloading them back from the service you choose.
7. Stay safe when on-the-go
These days, it’s hard to stay disconnected from technology and work. Many people understandably need to take their devices with them when they travel, either for work or on personal vacations. From laptops to smartphones and tablets, taking a few simple steps before you leave, while you’re away, and after you come back can help ensure that
- Encrypt any mobile device you travel with. Provost IT automatically encrypts all mobile devices our office purchases and distributes, so there’s nothing you need to do. For personal devices, most manufacturers have built-in and free encryption options which can help protect your device. Apple laptops have a tool called FileVault, Windows devices have a tool called Bitlocker, and most newer iOS devices can be encrypted simply by setting a passcode. Adding encryption to your device transparently makes it almost impossible for thieves to steal your data should your device become lost or stolen.
- Keep valuable electronic devices out of sight and with you at all times. Whether you’re in a public space or crowded train, keeping your devices out of view and not using them in crowded areas in the first place is one of the simplest steps you can take to stay safe – thieves probably can’t steal your device if they don’t know it’s there.
- Take note of your device’s information in case it gets lost or stolen. Be sure you have its serial number, IMEI (another unique identifier), and its full model kept in a location away from the device.
- Never use public internet terminals or kiosks. Commonly found in hotels, airports and coffee shops, these devices can often contain malware which will steal your personal information and login credentials.
- If you’re traveling to a high-risk country, such as one the United States imposes sanctions upon or otherwise blacklists, consider not even taking your devices at all. Not taking your devices, and not connecting back to data, systems, apps or other electronic resources at home, is the simplest and easiest way to stay safe. If you must travel to a medium or high-risk country and bring your work device(s), please contact Provost IT before leaving. Our team has additional requirements and steps we can provide upon request.
8. Keep personal information private
Knowing where to store sensitive information is incredibly important. Whether for work or personal use, knowing how to keep private data out of the hands of strangers and other prying eyes is a basic skill everyone should take the time to learn. Take a look at some of the steps below to learn how to keep your data safe, whether online or on your local computer:
- Only download and use trusted applications and software. Downloading software from untrusted sites, including ones you haven’t been to before or that you accessed via torrent or peer-to-peer network, can cause malicious software to download to your computer. If you computer gives you a warning about an untrusted publisher when you run an application, think twice about that application’s origin before allow it to run.
- When browsing the internet, be sure to use the secure version of web sites, especially on sites which require any login or personal information, like your credit card or address. You can check to see if a site is secure by looking in your browser’s address bar for a URL that starts with “https://” – the “s” denotes the secure form of the site was loaded. Many browsers also have an easy-to-recognize padlock icon next to the URL as well.
- Don’t keep passwords or other sensitive data, such as your driver’s license or social security number, on your mobile device. Use a password manager or well-known and trusted password vault for storing this information. Keeping passwords or other sensitive information written down or as notes or emails on your device is a poor security practice.
9. Don’t forget about mobile devices
These days, our smartphones and tablets might contain more data about us than our desktop computers or laptops. Their GPS can tell where you are and when, what emails you have, who you communicate with most, and what apps you have and use, from online banking to social media. It’s important to keep all of this information safe! By following the tips below, you can ensure that your mobile device doesn’t become a traveling security risk.
- Enable a passcode or password on device. Choose something strong and that has no relevance or association with important dates or other numbers in your life, such as you or a close relative’s birthday, social security number, or similar information.
- Disable wireless features when not in use, including Bluetooth, Wifi, or NFC. Some people can use this data to track you, even if you’re not actively connected to any other devices or networks.
- Be alert to phishing and spam attacks on your mobile device. Attempts to steal your personal information aren’t just limited to desktops and laptops – if you receive a suspicious message on your mobile device, it’s best to ignore it or report it to your service provider.
- Be wary of apps which request your location, especially those that want it when the app itself is closed.
- Pay close attention to requests for information or other data on your device when you install or first use an app. If you install a flashlight app on your phone and it asks for permission to view your contacts and photos, it’s probably malware! Deny the request, uninstall the app, and look for a different one instead.
- Install or activate tracking software on your phone in the event it becomes lost or stolen. Most device manufacturers today offer this service for free, and cell providers themselves usually have an additional service (paid) if your device doesn’t have this feature.
10. Safely dispose of unneeded data
Simply putting files in your trash can or recycle bin isn’t enough in most cases to ensure they’re deleted for good. Most savvy computer users and cybercriminals can use freely available software to recover files you think you might have deleted – so it’s important to keep the tips below in mind to make sure that your digital footprints disappear when you want them to:
- Deleting files on Windows computers often doesn’t actually delete them, even if you empty your Recycle Bin. Use a free file shredding tool to actually make sure they’re gone whenever you want to make sure sensitive information is deleted from your hard drive.
- When disposing of, selling, or giving away your computer, make sure the hard drive is emptied securely beforehand. Use a full disk erasing tool to do this, or, physically destroy the drive yourself if you want to ensure the data is destroyed.
- Use appropriate levels of deletion to ensure data is gone for good. If using an off-the-shelf data destruction tool, select an option which meets Department of Defense data destruction standards.
- Don’t forget about mobile devices too! Be sure they get deleted in the event you give them to others, e-waste them, or otherwise release ownership of them.
- If you have a Mac without a solid state hard drive, use the secure shred function when emptying the trash. It may take longer, but it will ensure that documents are properly deleted.
- If your device does have a solid state hard drive, be sure that it has the TRIM feature enabled. Your device’s user manual or manufacturer has instructions on how to enable this feature, if it is not already enabled by default.
- Securely disposing of data isn’t just restricted to digital data. Be sure that papers you possess get securely destroyed when they are no longer needed, by a cross-cut shredder that exceeds normal standards (i.e. the shreds shouldn’t be longer than a fourth of an inch in length and no more than a few millimeters in width).