The security and safety of your computer system is a joint effort between the technical support departments at Rutgers University and yourself. It is important to understand what you should do on an ongoing basis to ensure that your system remains safe. The following recommendations will help you keep your systems at work and at home running safely and securely:
- Disconnect your computer from the network if you believe your computer is infected. If you believe that your computer is infected with a virus or malware, please disconnect the system from the network it is connected to immediately to reduce the possibility of the virus spreading to other users and to reduce the extent of the problems on your own system. Please then contact us for assistance. You should not connect to any sites or services until the problem is resolved.
- Back up your important data regularly. You should save important data on your personal drive when working in the office or in our computer labs and you should also ensure that any other important data on your computer is backed up regularly. A good rule is to have a backup of your data on a secondary drive like a USB drive and another backup on an offsite or cloud-based system. Members of the Rutgers community have access to cloud-based file sharing services like Google Drive, Box, and One Drive that can be used to backup files. Backups should be done regularly and if any of the data you are saving needs to be protected, it should be encrypted. You can contact us for guidance on protecting sensitive data.
- Protect your system with anti-virus software and setup scheduled scans. All systems configured by the Information Technology Services Office at the Bloustein School have anti-virus software installed. No matter how careful you are using your computer, there are ways that you can be infected. Anti-Virus software is freely available to faculty, staff, and students at Rutgers University. If you would like our recommendations on which programs to use, please contact us. Once you have the software installed, you should setup regular scans of your computer to ensure that there is not anything malicious on your system.
- Ensure that your computer is doing automatic updates for the programs that regularly need to be updated. This includes your operating system and any other programs that would need updates. Please note that we do not recommend updating any programs or software when using public wireless networks. There have been documented cases of updates being sent by malicious actors on such networks that are actually viruses or malware.
- Be careful about opening attachments or clicking on links in email messages. Many of the problems that users encounter result from opening infected attachments to emails or clicking on malicious links. You should only open attachments that you are expecting. If you have received an attachment from someone that you know and you are not expecting an attachment, you should check with the sender prior to opening the attachment. In addition to attachments, embedded links in SPAM are also another main cause of spyware or malware infestations. If you receive SPAM messages, you should never use any of the links in those messages. If you question the validity of any email message, you can always check with us to confirm whether it is valid.
- Be careful when browsing web sites. Another way your system can become infected is by visiting malicious web sites. It is important to be careful with the sites you open when browsing or doing research, as the safety of your computer depends on it. In addition to have anti-virus software installed, another way to help keep your systems safe when browsing is by using ad blockers. We recommend using uBlock origin as a browser add-on to help keep you safe.
- Use good password practices. Good passwords are long passphrases that include upper-case and lower-case letters, numbers, and special characters like punctuation. For example, the phrase In1972Iwasborn! is both easy to remember and is a strong password. It is important to use unique passwords for your accounts and to change your passwords regularly. You should also be very careful as to where you store your passwords. If you do record them on paper, they should be locked away. If you store them on your computer, the file needs to be encrypted with a strong password to protect the file, as otherwise a compromise to your computer may result in your passwords being compromised. Password managers such as LastPass can be helpful if you have a large number of accounts you need to protect.
- Use two factor authentication. One of the best ways to protect your accounts is through the use of two factor authentication. The most common way of using this is with an app installed on your phone although some systems continue to use texts and emails to provide confirmation codes for accessing accounts. Rutgers has implemented two factor authentication to help protect your Rutgers accounts and we recommend using it. You can find out more about Rutgers DUO here.
- Maintain the physical security of your system. Physical security can include such measures as physically locking the system down with an aircraft grade cable to prevent theft to setting BIOS passwords that are required to start the system. Another excellent physical security measure is to setup up full disk encryption that protects your data if your computer is lost or stolen. Another good practice is to setup screen saver passwords for instances when you may walk away from your system.
- Do not run file and print sharing, remote access programs, or peer-to-peer file sharing programs on your system. These programs are dangerous and can expose your computer to security problems. If for any reason you need these programs for your work, please contact us for guidance.
- Install or activate your Personal Firewall. Personal firewalls can also help keep your computer safe. At one time, it was standard protocol to have a third-party firewall running. At the present time, the built-in firewalls from Microsoft and Apple are sufficient provided that your computer is protected by a firewall or at the very least a router.
- Use secure services whenever possible. Secure services are programs that protect communications and file transfer. There are countless apps that can provide secure communications such as signal and there are many tools available for transferring files securely. If you need to transfer sensitive data for work related purposes, please contact us for guidance.
- Do not use public wireless networks. Public wireless networks are dangerous and are commonly used to compromise computers. We strongly recommend against the use of such networks. If you absolutely need to use a public wireless network, you should use a travel router when possible in conjunction with a VPN service and you should limit the amount of time you are on that network and install any updates when connected to such networks.
- Do not allow anyone to connect to your computer unless it is a technical support person you know and trust. There are countless scams going on with people who want to gain access to your computer to install malicious software. Most of these scams are perpetrated over the phone where someone will contact you and inform you that they are calling from Microsoft or Apple and need to address a problem on your computer.
- Secure your mobile devices. Phones and tablets that can access your accounts are an easy way to have those accounts compromised. Password protect your mobile devices, turn off Blue tooth when it is not needed and use tracking software so that you can locate your devices if they become lost or stolen.
- Update the firmware on your router and restart it regularly. There are attacks directed specifically at home routers. A good practice is to login to your router once a month to see if there are updates that can be installed. We also recommend restarting your router weekly for security purposes and to keep it running efficiently.
We hope that you find this information useful. If you have any security questions or concerns, please contact us at firstname.lastname@example.org.