Security Awareness for Staff

Only YOU can protect university electronic resources! Here's how:

Use a strong password to access your computer

Set up your computer so that you must enter a password before use. A strong password should:

  • Have a minimum length of 9 characters
  • Contain characters from at least three of the following groups: uppercase, lowercase, numeric, other characters (such as !, $, #, or %)
  • Not contain your first name, middle name, last name, or CalNet ID
  • Not contain words from the dictionary, spelled forward or backward

Also set your computer so that the screen "locks" after a period of inactivity (20-30 minutes recommended), requiring your password to unlock it.

Keep your software up-to-date

Windows and Mac OS have automatic update features, so make sure these are turned on and that you are receiving the latest updates. Many other software programs have a "check for updates" feature; use it whenever available. If your operating system or software programs are no longer supported with security updates, it's time to upgrade.

Run anti-virus software and keep it up-to-date

Free anti-virus software is available from Software Central. Check the date on your virus "definitions" from time to time to make sure they are being updated regularly.

Enable your firewall

Windows and Mac OS both come with a built-in firewall. A firewall is also included with the Symantec software available for free to the campus. Make sure a firewall is running on your computer and only make exceptions for needed services.

Be careful on the web

Many computers become infected from visiting infected websites or downloading "free" software from untrusted websites. Risky behavior includes:

  • Clicking on links from email or instant messaging (IM)
  • Visiting unknown or untrusted sites
  • Clicking on or in "pop-up" windows
  • Downloading software from anywhere other than well-known, trusted sources

McAfee SiteAdvisor can help you identify potentially unsafe sites: http://www.siteadvisor.com/

Don't get phished

Phishing is a technique used to steal passwords or personal information by tricking you into revealing the information. To protect yourself:

  • NEVER send passwords, social security numbers, or other sensitive information through email to ANYONE
  • Recognize phishing emails and links: http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
  • Use your own bookmarks to access banking and other secure sites instead of clicking links sent via email
  • When in doubt, confirm with a trusted source before entering your information into a website

Avoid file sharing "peer-to-peer" (P2P) software

Peer-to-peer software that allows you to share and download music, movies, and other files can:

  • Open your computer to network attacks
  • Slow down your computer and network connection
  • Expose private information stored on your computer
  • Put you at risk for copyright infringement

To be safe, do not install P2P software on your work computer, unless you have a work-related need and your local computer support person has confirmed a secure configuration.

Keep sensitive data off your computer

Sensitive data stored on your computer could be stolen if your computer is compromised. These data types should never be stored on a personal computer without encryption, and should never be copied to home computers, removable media, or mobile devices:

  • Social security numbers
  • Driver's license or California identification numbers
  • Financial account numbers
  • Credit or debit card numbers
  • Medical information
  • Health insurance information

Other policies restrict the use of other university data such as student records, so check with your department before copying university data from web/file servers to your computer or mobile devices.