Best Practices for Information Security

Information Security is essential to prevent those with malicious intent from accessing data.  Practices may include: Changing your online account passwords, avoiding unsolicited emails, locking or logging off your PC as you walk away, all of these things help prevent data loss from anyone who might wish to compromise accounts.

INSTRUCTIONS

Do not store any personally identifiable information on your computer

Do not store any personally identifiable information (such as Social Security Number, date of birth, Driver's License Number, credit card information and home addresses) on your computer or removable media (such as disks, tapes, USB drives)

Create Complex Passwords

  • at least 8 characters
  • at least one letter
  • at least one digit
  • at least one special character, such as !, #, $, %, ^, etc. Do not use @, /, <, or ?
  • cannot contain all or part of your username or be one of your previous five passwords

Regularly Change Passwords

  • Change on a Monday so you have all week to remember
  • Change all passwords at the same time
  • Use different passwords for each account
  • Do not write down passwords
  • Do not share passwords

Delete or Archive Unnecessary Information

  • Shred papers and destroy CD/DVDs that contain confidential information (use cross-cut shredder)
  • Delete or move information off-line that is no longer needed
  • Old computers should have data completely erased before being discarded.

Password protect computers and use password protected screen savers

All computers should have login passwords
  • Lock your computer when you leave your office (on a PC, press Ctrl+Alt+Delete and select “Lock Computer” on a Mac)
  • Set your computer to automatically lock after 15 minutes of Inactivity
  • Set automatic updates for your computer
  • Your computer should be set with Windows/Mac OS automatic updates option enabled
  • Operating system firewalls should be enabled

Anti-virus and anti-spyware software

  • Anti-virus and anti-spyware software on your computer should be configured to update definitions at least once per day
  • Computers should be scanned daily for new viruses/spyware missed by active protection
  • Viruses/spyware are commonly distributed by websites, screen savers, game software, and other “free” programs
Review our information regarding spyware and viruses or anti-virus software for more information.
Links in unsolicited emails can appear safe but can actually link to websites with malicious content. If you don't recognize the sender or are not expecting the email the best action is to not click on any links at all. If you must click on a link:
  • Type the URL address in the browser
  • Follow a link from a trusted web page
  • Use a previous bookmark
Outlook has a Report button which allows you to identify phishing or spam emails, use this instead of emailing the Service Desk unless you happen to have acted upon one:
  • In Outlook
    • Windows - Report button appears on right side of ribbon.
    • macOS - Report button appears in the middle of the ribbon.
    • Outlook Webmail - Report button appears on the left side of the ribbon.
  • When reporting use "Phishing" or "Junk" options.

Tips for securing laptops & other mobile devices

  • Store all passwords, account names, access codes, login instructions, and authentication tools separately from laptops (not in the pockets of the carrying case)
  • Lock up laptops when not attended (cable lock during the day, in a locked drawer or cabinet when you leave for the day)
  • Keep laptops out of sight when temporarily stored in a car, hotel room, or home
  • When traveling always keep laptop in your possession
  • Record make/model & serial number of your device
  • If a device is stolen or missing contact the IT Service Desk immediately