Information Security Best Practices

Passwords:

  • Make your passwords Long
    • Recommend 12-16 characters in length – longer is stronger!
  • Make your passwords Random
    • Use a random string of letters (UPPER and lower case), numbers and symbols (the strongest!): e.g., cXmnZK65rf*&DaaD, or
    • Create a memorable passphrase of 5-7 unrelated words: e.g., HorsPerpleHatRunBayconShoos
  • Make your passwords Unique
    • Don’t use the same password on more than one account
  • Use a Password Manager to securely store and generate new passwords
  • Where possible, use multifactor authentication (MFA)
  • Do not use passwords that are based on personal information that can be easily accessed or guessed, such as your name or names of family members or pets, address, phone number, or birthdays
  • Don’t use a sequence of letters and numbers, e.g., 123456, abcdef, 111111
  • Don’t use simple dictionary words
  • Always change default passwords
  • Change passwords on a regular basis
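
An added example, not part of the original guidance: a generator for both password styles recommended above, an entropy estimate for comparing them, and a checker for several of the "don't" rules. The function names, the symbol set and the short word list are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set; adjust to what the site accepts
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)

# Constructed sample list for illustration only. A real passphrase needs a
# list of thousands of words so that each word contributes real entropy.
SAMPLE_WORDS = ["horse", "purple", "hat", "run", "bacon", "shoes", "river",
                "candle", "orbit", "maple", "tunnel", "violin", "pepper",
                "glacier", "anchor", "window"]

def random_password(length=16):
    """Random string with every character class, drawn from the OS CSPRNG."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:  # redraw until all four classes are present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def passphrase(count=6, words=SAMPLE_WORDS):
    """Passphrase of 5-7 independently chosen words, capitalised and joined."""
    if not 5 <= count <= 7:
        raise ValueError("use 5-7 words")
    return "".join(secrets.choice(words).capitalize() for _ in range(count))

def entropy_bits(pool_size, picks):
    """Bits of entropy when each pick is uniform and independent."""
    return picks * math.log2(pool_size)

def violations(pw, personal=()):
    """List which of the rules above a candidate password breaks."""
    low, found = pw.lower(), []
    if len(pw) < 12:
        found.append("too short")
    if len(set(pw)) == 1:
        found.append("repeated character")
    if len(pw) > 1 and all(ord(b) - ord(a) == 1 for a, b in zip(low, low[1:])):
        found.append("sequence")
    if any(p and p.lower() in low for p in personal):
        found.append("personal information")
    return found

if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 16), 1))
    print(passphrase(), violations("123456"))
```

Six words from the 16-word sample list give only 24 bits of entropy, while six words from a 7,776-word list give about 77.5 bits, which is why the size of the word list matters more than the look of the result.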

Miscellaneous:

  • Lock or log off your computer when leaving your work area
    • Microsoft Windows: Windows Key + L or Ctrl-Alt-Del
    • Apple macOS: Control Key + Command Key + Q
  • Don’t leave any files unattended that may contain confidential information
  • Report suspicious activity/persons immediately
  • Dispose of all confidential paper data properly (Follow existing data retention policies)
    • Place in provided shred bins for disposal, if available
    • Shred it yourself if you have access to a personal shredder
    • Cross-cut only – Straight-cut is easy to re-assemble
  • Frequently back up important files
  • Maintain current software and updates
  • Beware of unknown email, attachments and untrusted links
  • Use security software
    • anti-virus, firewall, anti-spyware, anti-malware
  • Protect any and all sensitive information that you handle, including your own

General Tips & Advice:

(courtesy of Stop.Think.Connect)

Keep a Clean Machine

  • Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information

  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.

Connect With Care

  • When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
  • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
  • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://,” which means the site takes extra measures to help secure your information. “Http://” is not secure.

Be Web Wise

  • Stay current. Keep pace with new ways to stay safe online: Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Back it up: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.

Be a Good Online Citizen

  • Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
  • Post only about others as you would have them post about you. The Golden Rule applies online as well.
  • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime.

Own Your Online Presence

  • Personal information is like money. Value it. Protect it.: Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
  • Be aware of what’s being shared: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
  • Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.