Ensure that vendor software updates are applied to your systems promptly. When vendors release software updates, hackers can determine how to break into systems that have not been updated. Hackers then probe systems on the Internet looking for non-updated computers to attack. Your system’s software and application programs should be configured to apply or notify you of automatic updates when available.
Confirm that up-to-date, anti-virus software is running on your systems. Hundreds of new viruses are developed each day. Anti-virus software can only detect and react to known viruses. Your anti-virus software should be configured to automatically apply updates as frequently as possible, at least daily. If you purchase your own anti-virus software for your personal system, remember to renew your subscription before it expires so that you continue to receive updates.
Limit other systems’ ability to access your computer with configuration settings, a firewall and other tools.
Avoid doing every day work using an account with administrative privileges. Set up your day-to-day account with user-level privileges. If you inadvertently open a virus-infected application or link, it will only be able to perform functions on your system that your logged-in ID can perform. Since user-level accounts typically cannot install software, viruses cannot be installed and executed on your system without your entering the administrator ID and password. A second administrator level account can be used when you need to install software or to perform system administrative tasks.
Lock any computer or mobile device when it is left unattended.
Know the sensitivity of the data on your computers, mobile devices and storage media.
Actively control access to sensitive data.
Ensure that your computers and mobile devices encrypt sensitive information when transmitting it over a network.
Avoid using e-mail to exchange or store sensitive information.
Do not install any piece of computer software or mobile “app” until you have confirmed its security is effective. Check with your IT support person or the OIT Help Desk at (609) 258-HELP to determine if the software has been approved for University use. If the University has not reviewed the product, check the reviews published by well-known, respected product review organizations, such as C|NET, PC World, Mac World, etc.
Protect your web browsing cookies. “Cookies” are small files that web sites send to your browser to facilitate your interaction with the site. If you’ve entered sensitive data into a web site, it may be held in a cookie, but how well protected the cookies are is up to the web site. To ensure that one site does not obtain sensitive data by reading another site’s cookies, set up your browser to delete all cookies when you exit, and make sure that, when you exchange sensitive information with a web site, you close all browser windows before accessing another site.
Use discretion when surfing the Web. Avoid web sites of organizations or individuals of an unknown or questionable reputation. Shun web sites that have a history of spreading malicious software, such as pop culture sites. Before clicking a link, view the web site’s address by passing the cursor over the link (but not clicking). The web site address that displays should point to a site name that you expect.
Be discerning when clicking links or attachments.
Beware of the phishing threat. Phishing is a scam that tricks you into providing passwords, social security numbers, bank account and credit card numbers, or other personal information while pretending to be from a legitimate institution. Reputable organizations do not ask that you provide personal information in an e-mail reply. If you receive a suspect message appearing to be from Princeton, contact the OIT Help Desk at (609) 258-HELP.
Be suspicious of unsolicited Web messages, warnings, popups and free services. Responding to unsolicited messages, warnings and popups you receive while web browsing, especially ones promising free services, such as “We’ve detected a virus on your system!!” and “Click here for faster Internet!” may download malicious software onto your system or expose your Web traffic to unauthorized individuals, even if it is encrypted. Avoid clicking anything on a popup window. Close popups using your browser menu or system task bar.
Wipe your computers, mobile devices and storage media before discarding, donating or repurposing them. Deleting a file does not actually erase it. Systems delete files by marking the storage space the file occupies for reuse. Until that space is reused, the data is still there. Disk shredding software erases individual files on demand. Disk wiping software completely erases a storage medium.
NOTE - If a University computer, mobile device or storage medium is lost, stolen or compromised, or you suspect that sensitive University information has been exposed, please contact the OIT Help Desk immediately at (609) 258-HELP. Consultants are available to help you 24 hours a day, seven days a week.