General Computer and Information Security Recommendations

Physical Security
• Lock down PCs, laptops, flat panel displays, printers and other high-value items.
• Never leave mobile/portable devices unattended.
• Lock doors to rooms and workspaces when not in use.
• Lock desks and file drawers when unattended.
• Do not allow unknown persons to use your computing devices.
• Shred unneeded materials containing sensitive or confidential information.

Passwords
• Define a strong administrative password on your computer, and keep it to yourself.
• Change the administrative password often.
• Define strong passwords. Use a combination of letters and numbers. Don’t use dictionary words.
• Avoid writing passwords down.
• Change all passwords frequently.
• Never share passwords.
• Never check the “remember my password” box in dialog boxes.

Your personal privacy
• It is not necessary to share everything about yourself with others.
• Keep sensitive personal information to yourself.
• Trust is earned. Look to establish trust first, then consider sharing, but with discretion.
• Don’t be afraid to say “I’d rather not share that information.”
• When someone asks you for personal information, don’t be afraid to ask them:

  • What items of information are you collecting?
  • Why are you collecting the information?
  • How will the information be used?
  • With whom will the information be shared?
  • How will the information be protected?

If the person asking you for information cannot answer all the questions quickly and concisely, refrain from giving out your information.

• Protect your e-mail address.
• Avoid configuring personal information into your web browser software.
• Configure your web browser software to clear personal information when quitting the browser.

Respecting others’ privacy
• Don’t share others’ personal or confidential information.
• Use of web cams or other technologies to capture, transmit or record video and/or audio in locations where a reasonable expectation of privacy exists may violate the Appropriate Use Policy. Never engage in this activity unless permission has first been obtained from all persons to be depicted and/or recorded.

Antivirus and firewall software
• Install and maintain anti-virus and firewall software on every computer you own.
• Schedule automatic virus definition updates.

E-mail
• Don’t click on or open unexpected messages, attachments or links, or messages from unknown senders.
• Don’t open messages with unrecognized subject lines.
• Never reply to unsolicited e-mail or web forms.
• Never click on an unsolicited web link.
• Never respond to a request for your password. All such requests are fraudulent.

Protecting your identity
• Protect your Social Security Number, driver’s license number, and passport number, as well as documents on which these numbers appear.
• Don’t write down PIN numbers. Do not carry your Social Security Card.
• Avoid giving out personal information unless you initiated the transaction.
• Protect your wallet or purse from loss or theft.
• Collect paper mail promptly from your mailbox. Shred confidential information before discarding.
• Check banking and credit card statements for accuracy. Report any suspicious transactions immediately to your financial institution.
• Check your credit report regularly. Report errors or unusual activity immediately to the relevant financial institution and all three credit reporting agencies:
Equifax: http://www.equifax.com/home/
TransUnion: http://www.transunion.com/
Experian: http://www.experian.com/

Confidential Information
• Never discuss confidential information in public places.
• Keep your desk clear of sensitive information.
• Secure sensitive information in locked containers.
• Shred unwanted/unnecessary papers.

Instant Messaging and Audio/Video Chat
• Never accept unsolicited downloads/offers.
• Never discuss confidential information on chat.
• Never use IM or IRC to authorize transactions or payments.
• Be mindful of the privacy rights of others who may be within range of your video and/or audio chat.

Spyware/Trojan Horse/Keylogger detection
• Consider installing and maintaining spyware/Trojan/keylogger detection software on every computer you own.
• Avoid performing sensitive transactions on public workstations or open (hotspot) networks. When on campus, consider using NuWave Secure wireless service.

Operating System and Application Software
• Keep original copies of installation media & license keys.
• Register for product updates.
• Monitor manufacturer websites for updates.
• Use “auto update” features of operating system and application websites.

Data Management, Backup and Storage
• Back up critical data daily. Use myFiles, a USB stick or another method of your choice.
• Store backups in a safe location.
• Delete unnecessary files on a regular basis.

Making your computer less attractive to unauthorized users
• Lock your devices down. Use security cables.
• Before leaving your computer, always log out.
• Turn computing devices OFF when not in use.
• Don’t write passwords in, on or around computer or keyboard.
• Consider storing laptops and other high value portable gear in locked drawers/containers.

Traveling with mobile devices
• Secure all mobile devices using locking cables.
• Never place a laptop in checked baggage.
• Avoid carrying a laptop in a “computer case”. Instead, use a less-conspicuous carrier.

Online shopping and auctions
(Sources: eBay, FBI Internet Fraud Center, Federal Trade Commission)
• Deal with only reputable merchants. Check seller feedback before buying.
• Check website URLs carefully. Make sure you have the correct site.
• Before supplying sensitive information to a web page, look for the “https://” in the URL.
• Pay by credit card, never with a bank wire.
• Consider avoiding sellers who demand Western Union payment.
• Don’t be lured off an auction site to complete a transaction. Consider using the site’s authorized escrow service, especially for expensive items.
• Before sending money, communicate with the seller via email and phone, if possible.
• Print records of all merchandise descriptions, transactions and communications with sellers.
• Never respond to email or websites asking you to confirm information such as name, password, or credit card number.

Signs and symptoms of computer compromise
If a combination of these signs and symptoms is present on your computer, please contact the ResNet Resource Center or IS Service Desk for assistance.
• Unexpected disk activity when computer is not in use.
• Unexpected files appear. Expected files disappear.
• Disk space utilization is higher than expected.
• Computer is unusually slow or sluggish.

Your Credit Report
It is recommended to check your credit report at least once yearly. All consumers are entitled to one free credit report per year. At the time of writing, the URL to order this report is: https://www.annualcreditreport.com/cra/index.jsp

CAUTION! When typing the above URL into your web browser, please do so carefully. Many imposter sites exist with spellings very close to the official URL shown above.

Unauthorized Interception of Electronic Communications
Unauthorized interception of electronic communications may constitute a violation of Federal law. Never engage in this activity.

Copyright Resources
US Copyright Office home page: http://www.loc.gov/copyright/
US Copyright FAQ: http://www.loc.gov/copyright/faq.html

Computer Security Resources
Microsoft: http://www.microsoft.com/security/
Apple: http://www.info.apple.com/
Symantec: http://www.symantec.com/
CERT: http://www.cert.org/

NU Information Security Resources
If you have questions about information security, please contact the Office of Information Security at itsecurity@neu.edu.