Personal Security Practices

As work routines change, cyber security habits should also change.  To stay secure when working remotely, remember the following:

• When working remotely, do your work from home on your home internet service.  Do not connect to the IUP network with unsecured public Wi-Fi.
• Do not store work data and information with the home computer or personal devices. There is a risk that personal computers and mobile devices do not have the latest security updates for the operating systems and browsers. 
• Avoid printing paper documents with sensitive information at home.
• Make sure your computer has the latest applications, operating systems, network tools, and internal software installed.  Install anti-malware software on your personal laptop or computer.
• As used by IUP, you should create strong passwords for your personally owned computer, mobile device, and email account.  Do not use the same password as you are using for your IUP account.

For all personally owned computers and devices:

• Keep all software up to date. Ensure the latest operating systems, browsers, and apps are installed on computers and devices that connect to the internet.
• Use antivirus software on your PC and MacBook
  • Use Windows Defender on any computer that comes with Windows 8 or above.  Remember, Windows 7 is no longer supported by Microsoft, so consider a new computer purchase, or upgrade your existing computer to Window 10.  Antivirus software can automatically scan downloaded files, email attachments, and content stored on external hard drives, memory cards, and USB sticks.  
  • Download and install Avast if you are using a MacBook. 

Strong passwords are just as important on the home computer and devices as they are on work computers and devices. Do not use names, favorite colors, or reuse passwords for home devices.

Stay "click aware."  It is easy to forget cybersecurity best practices when away from the office. The best strategy is to remain vigilant and skeptical of all unsolicited emails, text messages, social media chats, and attachments. 

When in doubt: don't click!

You are the first line of defense against cyber attacks.

Mobile device cyber attacks are on the rise, so you need to make sure your mobile device is secure.

Follow these tips on mobile device cybersecurity: 

1. Disable Bluetooth audio discovery.  Cybercriminals are on the lookout for Bluetooth signals that they can hack and use to connect to mobile devices.

2. Turn off auto-connect for wireless connections.  Never connect to an open or public Wi-Fi network automatically. In fact, the best practice is to never connect to public Wi-Fi that is not password-protected.

3. If your mobile device support these features, use fingerprint security or visual face authentication.   Enable the highest level of security and authentication possible on your mobile devices. Make sure each mobile device you own is protected by a password that is unique to the device.

4. Make sure you have the latest versions of all apps and operating systems.   Install all updates.  These are typically released to fix known security weaknesses and to protect your device from cyber threats.

5. Be text message aware, just like you are click aware.  Do not respond to text messages from people you do not know. Do not respond to unsolicited text messages from companies or organizations.

6. Be aware of data leakage.  Data leakage is the unauthorized transmission of data from within a vendor or organization to an external destination or recipient.   Do not authorize unlimited app permissions and access. Only give apps the minimum access required.  Make certain that you never install apps that aren't necessary.  You should also periodically review the app on your device and remove apps that you no longer use or don't recognize.

Remember: never leave your devices unattended, lock your devices after use, and do not let a stranger use your mobile device.

Learn more about Password Tips and Best Practices

Learn more about Microsoft Advanced Threat Protection and Phishing.

One other step in keeping your office computer safe is logging off each day, but leaving your PC on so that it receives any necessary security patches or virus updates during the overnight hours.

Also, if you are going to be away from your computer, you can lock it to prevent someone else from using your account. In Windows, you can lock your computer by pressing Ctrl-Alt-Del simultaneously and click on "Lock Computer." You can unlock it when you return by pressing Ctrl-Alt-Del again and entering the password you used to log on to the computer.

You can also use the Windows screen saver to lock your computer automatically after a period of inactivity. To do this:

1. Right-click on a blank area of your desktop.
2. Choose Properties.
3. Click on the Screen Saver tab.
4. Select one of the built-in screen savers from the pull-down list.
5. Select the number of minutes to wait before the Screen Saver activates.
6. Be sure that "On resume, password protect" is selected.
7. Click Apply, then click OK.

The US Computer Emergency Response Team offers extremely valuable information regarding PC security practices. Please take a moment to review these US-Cert websites to aid in protecting your PC and yourself.

Cyber Security Tip ST04-002

Cyber Security Tip ST04-003