Security Best Practices
Passwords & Logging in
- Use unique long passwords that cannot be easily guessed.
- Don’t use the same password for multiple resources.
- If you need to record your usernames and passwords, be sure to encrypt the file.
- If your work function requires that you share a login with another user, consider using a password manager to easily store and use the shared credentials.
Settings and Software
- Drive Encryption | If your device is stolen, the data is unreadable.
- Local Firewall | Blocks unwelcome incoming network traffic such as trojans, hackers, viruses, etc.
- Antivirus & Anti-malware | Designed to detect, protect against and remove malicious software.
- Updates | Addresses software vulnerabilities that can may be exploited.
Multi-factor authentication (MFA) requires you to verify your identity using one or more factors in addition to a username & password. The additional factor is often your phone or other mobile device. This process prevents anyone but the person in possession of the second factor (e.g., your phone) from logging in. It has been suggested by Microsoft that up to 99.9% of all attacks on your accounts can be prevented with MFA.
To protect your personal information from cyber-criminals, W&L has licensed Duo Multi-Factor Authentication. Learn more about how easy it is to get started.
Simple Work Strategies
- Standard User | Don’t log into computers with an account that has administrator privileges. The computer will prompt you for these permissions when needed. In these circumstances, use a separate set of credentials to elevate your rights. This will significantly reduce the ability of malware to impact your computer.
- Screen Saver Timer & Lock | Develop the habit of locking your computer when you step away – click Win+L or Command+Control+Q. Should you forget or cannot lock the computer, set a screen saver that requires a password to log back in.
- Secure File Transfer | Use Box to share and collaborate on files with protected information. Email attachments are not secure.
- Office Macros | Be aware that hackers can introduce a destructive macro, in a document or file, which can spread a virus on your computer.
- Advanced Threat Protection (ATP) is yet another step in a recent series of measures (e.g., Duo MFA, Okta Single-Sign-On, etc.) ITS has begun to implement for the purpose of protecting W&L’s network from a broad array of cyber attacks.
- Safe Attachments | Protects against unsafe attachments, reducing the chances that malware finds its way to your Inbox.
- Safe Links | Blocks users from clicking on unsafe links by back-checking them against a real-time database of threats. If a link is unsafe, the user is either informed that the site is blocked or warned not to click.
- Spoof Intelligence | Detects when a sender appears to be fraudulently sending email on behalf of one or more user accounts within the University’s domains, also known as spoofing.