Safe Computing: What Can I Do?

Introduction

There are many computer-related threats to our work, our productivity. The responsibility for protecting our assets cuts across many individuals and groups. This page is about what you can do to protect yourself and the rest of us.

• Protecting your computer from attack or malicious code such as viruses or other malware
• Protecting your credentials/identity (passwords, credit card information)
• Protecting your work (your time, your results, sensitive University information)

Below are suggestions (sometimes policy) for protecting your and our resources. If you have any questions as a result of these suggestions, please contact Ryan Thomas or Tim Vruwink at 244-6053.

Protect Your Machine, Our Network

Significant efforts are made by IT professionals at different levels of the University to protect your machine, our network. But each of us has a responsibility—especially with regard to personally owned machines brought to campus. At minimum, we recommend that you...

• Install anti-virus software and make sure it's configured properly to keep itself updated automatically.***
• Configure your machine to download and install system updates automatically ...
  and to respond to requests to restart your machine as needed.***
  (Windows XP or Mac OS X instructions)
• For Windows XP computers enable the firewall feature. **
• DO NOT open unexpected e-mail attachments even from known senders unless verified.
• DO NOT open web links in e-mail unless verified or otherwise deemed safe.

For more detailed instructions and information, please see the links under "How To Be More Secure" at http://www.cites.uiuc.edu/security.

Protect Your Credentials, Your Identity

In addition to the above, it's important to protect your passwords and other credentials—just as you protect credit cards and keys.

• Do not give out account information or passwords to anyone.* 
  Not only is this risky behavior, it is against University policy.  (See 4.c.ii and 4.d.i of Appropriate Use Policy.)
• Use good passwords.
  See CITES' password page for good recommendations on creating good passwords that are easy to remember.
• Keep passwords safe. 
  In recognition of the difficulty finding both a convenient yet secure place for passwords, the CIO's Office has site-licensed a cross-platform solution called Password Vault available at no cost to University personnel and students through CITES' Webstore.
• Log out or lock your computer when you are away from it.
  If you don't, then anyone with physical access to your computer when you are away can access your email and files as if they were you. Consider setting your screen saver to lock your computer automatically when idle.

Protect Your Work, Our Information

In addition to the above, it's important to protect the results of your labor and any sensitive information with which you work:

• Usenetwork storage.*** 
  Our network file services, the servers they run on and the storage they use are highly available, highly fault tolerant and have layers of redundant backups including "Shadow Copies" (an end-user restore feature for Windows XP users) and iterative, nightly tape backups. If your work is on the network, your data is safe even when your disk crashes, your data is overwritten by malware, or your computer is stolen.
• Log out or lock your computer when you are away from it (see above).
• Don't assume email is safe. 
  Unless you have installed and are using special security software (e.g., PGP) to encrypt your email, your email is relatively insecure. Consider relating sensitive information by phone.  If you have questions about how secure or private your email is, or to identify solutions to improve email security, please consult CIO.
• Keep access privileges accurate.
  As staff turn over and roles change, keeping access privileges accurate can be challenging and time-consuming. Let CIO help you save time and improve security of your resources by taking advantage of some software tools either to automate or to give you direct control of access privileges.
• Inform yourself.
  • Be aware of how the University classifies information you work with and how it should be protected based on that classification. (See "Data Classification" in Information Security Policy.)
  • Keep in mind that information in your email or other files on University systems may be considered public record (see section 6.1 of Appropriate Use Policy).
• Consult with us...
  to identify solutions that provide the balance of protection and convenience that is right for your needs.

Conclusion

Mistakes happen, disks fail, hackers hack, the angry retaliate, viruses infect. If our computing behavior is not informed and careful, if our machines and resources are left unprotected, then we put at risk our own and others' productivity and any critical or sensitive information with which we work.

The responsibility for protecting our assets cuts across many individuals and groups. This page is about what you can do. For more on the considerable amount being done by others (at College, campus and University levels), please refer to "Safe Computing: What's Being Done to Protect Us ".

 

Related Links and Pertinent Information

CITES Guide to Computer Security
    http://www.cites.uiuc.edu/security/
CIO User Services
    http://www.ed.uiuc.edu/cio/userservices/
CIO: The Reality of Copyrights and File Sharing
    http://www.ed.uiuc.edu/cio/network/copyright.html
CIO: Danger of Web Links in E-mail
    http://www.ed.uiuc.edu/cio/announcements/badlinks.html
Campus Appropriate Use Policy
    http://www.fs.uiuc.edu/cam/CAM/viii/viii-1.1.html
Campus Information Security Policy
     http://www.fs.uiuc.edu/cam/cam/viii/viii-1.2.html

 

 

* University policy.  See campus policy links, immediately above.

** This is achieved procedurally and programmatically by CIO for all computers managed by CIO.  Users must respond periodically, however, to requests to restart computers or to remove/quarantine viruses.

*** CIO and CITES provide differentiated network file storage options to meet different needs.  Please consult CIO for the solution that best fits your needs.