Good Practices
One of the best ways to protect your information is to make sure that your computer is not vulnerable to attack from the outside. Here are some steps you can take for setting up and maintaining a secure system:
Software:
- Keep your computer patches up to date. An easy way to accomplish this is through the use of BigFix, which is available to everyone at Stanford at no cost. You can download the BigFix agent at: http://ess.stanford.edu.
- Install anti-virus and anti-spyware software and keep it up to date. Sophos is available to everyone at Stanford at no cost; you can obtain a copy at http://ess.stanford.edu. Once you’ve installed Sophos, set the software to automatically update once a day (this is known as virus definition update) so that you have the most current information to combat computer viruses and spyware.
- Remove all services from your computer that you do not need. Some network services, like FileSharing, aren't necessary for most purposes and will leave your computer vulnerable. Stanford Secure Computing provides links to checklists for securing your system.
Emailing and sending information:
- Don't click on links in suspicious email. Check the IRT blog for known phishing scams and other fraudulent emails, or report a suspicious email to irt-security@lists.
- Use the Stanford secure email service if you must send emails discussing High or Moderate Risk information: http://secureemail.stanford.edu. (For help and more info, visit the secure email help page.)
- Use MedSecureSend (MSS) if you need to securely send large files: http://mss.stanford.edu. (For help and tutorials, visit our MSS help page.)
- Handle High, Moderate, and Low-Risk Information according to Stanford policy and the Admin Guide. For more information, visit Stanford Secure Computing: http://securecomputing.stanford.edu.
Everyday, Common-Sense Security Habits:
- Do not share SUNetIDs and passwords—not even with your colleagues; not even with tech support.
- Don't give out personal information on the phone, through the mail, or over the Internet unless you are sure who you are dealing with.
- Use strong passwords for all your accounts.
- Lock your computer screen whenever you leave your cubicle or office:
- • Windows - CTRL+ALT+DEL, Enter or Window+L
- • Macs - use a hot corner to lock or initiate the screen saver
- Never leave sensitive hardcopy material exposed; make a habit of turning documents facedown, and put unnecessary documents away.
- Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
- Shred financial documents and papers with personal information before you discard them.
- Ensure your environment is physically secure. Keep doors and windows closed/locked; don't leave devices or disks lying around; keep your eyes open.
- Back up your computer EVERY DAY.
QUESTIONS?
If you are unsure about what you need to do, contact the IRT Service Desk at 5-8000 and the folks there will walk you through these and other steps for securing your computer.