Top 10 Secure Computing Tips – Information Security Office

Tip #1 – You’re a target for hackers

Never say, “It won’t happen to me.” We are all at risk and the stakes are high, both for your personal and financial well-being and for the position and reputation of the university.

• Cybersecurity is everyone’s responsibility

.

• By following the advice below and remaining vigilant, you are doing your part to protect yourself and others.

Tip #2 – Keep Software

Up-to-Date

Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices:

• Turn on Automatic Updates for your operating system

.

• Use web browsers such as Chrome or Firefox that receive automatic and frequent security updates.
• Be sure to keep your browser add-ons (Flash, Java, etc.) up to date.

Tip #3 – Avoid Phishing Scams: Beware of Suspicious Emails and Phone Calls Phishing

scams

are a constant threat: Using various social engineering tactics, cybercriminals will try to trick you into divulging personal information such as your login ID and password, banking or credit card information.

• Phishing scams can be carried out over the phone, text message, or through social media sites, but most commonly by

email.

• Be wary of any official-looking email or phone call that asks for personal or financial information.

See our Phishing Resources section for details on how to identify phishing scams and protect yourself

.

Tip #4 – Practice Good Password Management

We all have too many passwords to manage, and it’s easy to take shortcuts, such as reusing the same password. A password manager can help you maintain unique and secure passwords for all your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically. UC Berkeley offers free LastPass Premium to all users with a CalNet ID.

Our how-to article How to Protect Your Credentials contains detailed recommendations for keeping your password secure.

Tip #5 – Be careful what you click

Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will install itself automatically (often silently) and compromise your computer.

If the attachments or links in the email are unexpected or suspicious for any reason, don’t click on it.

ISO recommends using Click-to-Play or NoScript, complementary browser features that prevent automatic downloading of plug-in content (e.g. Java, Flash), and scripts that may host malicious code.

Tip #6 – Never Leave Devices Unattended

The physical security of your devices is just as important as their technical security

. If you

• need to leave your laptop, phone, or tablet for an extended period of time, close it so no one else can use it

.

• If you keep data protected on a flash drive or external hard drive, make sure they are encrypted and locked as well

.

• For desktop computers, lock the screen or turn off the system when not in use.

Tip #7 – Protect Protected Data

Be aware of the protected data you come into contact with and its associated restrictions. Review the UCB Data Classification Standard to understand the data protection level requirements. In general:

• Keep high-level Protected Data (e.g., SSN, credit card information, student records, health information, etc.) off your workstation, laptop, or mobile devices.
• Securely delete sensitive data files from your system when they are no longer needed

.

• Always use encryption when storing or transmitting sensitive data.

Not sure how to store or handle sensitive data? Email us at security@berkeley.edu.

Tip #8 – Use

Mobile

Devices Safely Considering how much we trust our mobile devices and how susceptible they are to attacks, you’ll want to make sure you’re protected:

• lock your device with a PIN or password, and never leave it unprotected in public

.

• Only install apps from trusted sources (Apple AppStore, Google Play).
• Keep the device’s operating system up to date

.

• Do not click on links or attachments in unsolicited emails or text messages.
• Avoid transmitting or storing personal information on

your device. Most

• portable devices are capable of using data encryption – see your device’s documentation for available options

.

• Use Apple’s Find My iPhone or Android Device Manager tools to prevent loss or theft.

Tip #9 – Install Antivirus/Antimalware Protection

Only install these programs from a known and trusted source. Keep virus definitions, engines, and software up-to-date to ensure your programs remain effective.

See our Minimum Security Guidelines for Antimalware Software for more information

. Tip #10 –

Back Up Your Data

Make a regular backup: If you are the victim of a security incident, the only guaranteed way to repair your computer is to erase and reinstall the system.