We've put together a list of 10 tips to help keep you and your data more secure.
- Run a current anti-virus software.
- Update your operating system and applications regularly.
- Delete email attachments that you are not expecting without opening them.
- Use smart password management.
- Surf smart.
- Don't be caught phishing.
- Mobile devices.
- Backup your data.
- Social engineering.
One of the most important ways to protect your computer is to have anti-virus software that is up to date and running. Anti-virus software protects computers from known viruses by checking all incoming email attachments and files you download, read or execute. If a file on your computer is found to contain a virus, it is quarantined before it can infect your machine. Keeping your computer virus-free is very important. CSU-issued computers have Cisco AMP preinstalled, so there's nothing you need to do to enable this protection. For personally owned computers, we recommend you enable Windows Defender Antivirus, a component of Windows Security built into Windows 10 by following Microsoft's instructions. You can set your virus scanner to automatically update itself daily as long as your PC is turned on and has an Internet connection for the selected time. You can also update most anti-virus products manually.
2. System updates
Windows, the Microsoft operating system, is often found to contain flaws or bugs. Sometimes these flaws are severe enough to allow a hacker to take control of your computer. To eliminate this problem, Microsoft periodically issues updates to Windows. It is very important that you apply these updates or patches regularly to your computer. Fortunately, Windows is easily updated to eliminate known flaws. The best way to do this is through the automatic download/install feature built into Windows. Simply go to Start, Control Panel, and Windows Update for Windows 7. Select Change Settings and then select Install updates automatically.
Although other operating systems such as Apple's macOS release updates less frequently, they are not immune to vulnerabilities and making sure the operating system is up to date is just as important. To check for system updates on macOS, click on the Apple icon in the top left of the screen and select the App Store. The far right tab labeled Updates will show you all available patches.
Keeping your installed applications up to date can be a tedious yet necessary process as well. There are free software packages such as Fluxera PSI which can help identify and even update (in some cases) outdated software.
3. Delete email attachments that you are not expecting without opening them.
Only open email attachments you’re expecting. Most viruses are spread via email and virus writers are getting very good at tricking people into clicking on attachments. So, if you receive email from a relative, a close friend or someone you know which contains an attachment and you’re not expecting it – DON’T OPEN THE ATTACHMENT!!! If you receive an email with an attachment from your bank, school, software vendor, etc., and you’re not expecting it – DON’T OPEN THE ATTACHMENT!!! Virus emails always lie about who they’re from. While a virus email may look like it came from the person that’s designated in the header’s ‘From:’ field, this is never the case.
4. Use smart password management.
Keeping track of passwords is difficult. This problem can lead to bad password habits such as password re-use. It is important to practice smart password management both on and off campus. Check out our guide to Creating Good Passwords.
There are also quite a few good password management tools such as LastPass, 1Password and Keepass (local) which help you not only generate strong passwords, but also keep track of them in an encrypted database. Click here for more in depth information on password managers and how they work.
5. Surf smart.
Some hackers are taking advantage of vulnerabilities in web browsers by writing code that breaks into PCs when a web page is viewed. To prevent such a problem:
- Be cautious of every website you browse to. Never follow links sent to you from someone you don’t know.
- Keep your browser software updated.
- At home, consider using a browser other than Internet Explorer (Ex. Mozilla’s Firefox, Google Chrome).
6. Don't be caught phishing!
Phishing attacks use “spoofed” emails and fraudulent websites designed to fool you into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By copying the logos of well-known banks, online retailers and credit card companies and placing them in the emails they send, phishers are able to convince up to 5% of recipients to respond to them. Here’s what you can do to minimize these kinds of problems:
- Be suspicious of any email with urgent requests for personal financial information. Banks will never ask for your password. See http://www.antiphishing.org for more information.
- Don’t use the links in an email to get to any web page. Instead, call the company on the phone, or log onto the website directly by typing in the web address in your browser.
- Avoid filling out forms in email messages that ask for personal financial information.
- Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your web browser.
- Regularly log into your online accounts.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
- Ensure that your browser is updated and security patches applied.
- Be sure to report phishing messages in our Engage 365 E-mail System. (Click here for instructions on reporting these messages)
7. Mobile devices
A growing number of us are relying on our mobile devices more and more. With that, these devices end up with a lot more sensitive information than we realize and are comfortable with. Here are some tips to help secure our mobile devices both physically and electronically:
- Always set a complex passcode on your device.
- Enable Apple's Find my iPhone, Android Device Manager's Find My Phone features.
- Make sure your device is running the latest operating system.
- Think twice before storing sensitive information on your device.
- Enable encryption if it's not enabled by default. (guide)
8. Backup your data!
Keeping up to date secure backups of your information is necessary for many reasons. Whether it's a hardware failure, theft, accidental deletion or specifically designed malware - ensuring you have a backup copy of your important data is the only way to protect yourself. There are many cloud backup providers that offer fee or subscription based encrypted backups such as BackBlaze and Carbonite.
9. Social engineering.
Always err on the side of caution when interacting with someone who is requesting information. Social engineering is becoming the most popular way to steal personal and business information and hack users accounts. The most important defense is knowing how often it occurs and doing your due diligence to mitigate it as best you can. When divulging information, it is important to ask yourself if the person requesting this information really deserves to know it. You have the right to request what your personal information will be used for. It's also important to understand what personal information about you is publicly accessible.(ex. social media, public record, web pages etc.)
10. Use a firewall
If you are using a DSL or cable connection to the Internet at home, purchase a firewall or turn on the firewall that comes standard on most DSL or cable routers. A firewall is a piece of hardware, or a software program that examines data passing into your computer or network and discards it if it does not meet certain criteria. We recommend that you use the built-in firewall in Windows. Go to Start, Control Panel, and click on Windows Firewall. Select On and Don’t Allow Exceptions. If you don’t want to use a firewall, then we suggest that you turn off your PC when not in use OR disconnect it from the Internet (unplug the ethernet cable or disconnect from wireless).