Keeping yourself and your personal information secure has always been critically important; you don't leave your house unlocked and you certainly don't leave your credit card out. Keeping your data and devices secure is a something that everyone, not just an IT department, should take responsibility for.
CalArts IT's Security Best Practices Guide
Between regular anti-virus checks, password audits, and plain ol' keeping an eye on your computer, the following list are some best practices that everybody can do!
Be Critical and Don't Get Phished
Phishing is a term that's become a permanent part of our modern lexicon. It's essentially just the new word for social engineering, or tricking somebody into doing what you want. Phishing attempts can be as clumsy as an email touting "cheap prescription drugs!" or a pop-up advertisement claiming your computer is infected and you need to call a phone number to get it cleaned.
A good rule of thumb is this: If an unknown website, email message, or person, is asking for your financial information or your password just close the browser, hang up the phone, and call IT. We'd much rather help you out if your computer is being slow or showing you random ads than help you figure out how to call to change all of your personal and financial information.
Whenever we're notified of a new phishing attempt we do our best to document it and inform the CalArts community. If you glance through our Security Alerts section of our website you can see loads of examples of phishing attempts and other scam attempts.
Here are some recent examples of phishing attempts reported by our community:
Update, Update, Update!
One of the easiest and most often overlooked ways to keep your computer and/or device secure is to ignore available updates. We know it can be a pain to stop what you're doing and wait for something to update, but 2014 saw some of the largest and most severe security exploits in history and each one was patched through a program or operating system update.
CalArts IT is responsible for the patching and overall security for the computers we manage. So if you see a little notification asking your permission to update, please take the time and let it update!
Install (and Keep Up To Date) Your Anti-Virus Software
CalArts IT uses Sophos Anti-Virus on the computers that we manage: it's fast, thorough, and updated regularly. There is a free version available for Macs that does a remarkably good job and we recommend it for personally owned Student, Faculty, and Staff computers. For Windows we recommend Avast!, which also comes with web protection to help with malware and other browser-based attacks.
Create Secure (and Memorable) Passwords
Making a strong password is at the top of most people's "Things I Hate Doing" list, so more often than not we start to use the same password over and over again. Password security is absolutely critical, and one of the easiest things to grow lazy and forget about. Passwords don't have to be extremely long and arduous, but a healthy mix of capital letters, numbers, and symbols will help make a password be difficult to crack.
This table by the PCI Security Standards Council shows some passwords that are relatively simple yet are still secure and memorable:
|Time to Crack
|0.077 seconds (not a dictionary word)
|14 seconds (uppercase, lowercase, number)
|14 minutes (7 characters)
|15 hours (8 characters)
|39 days (9 characters)
|412 years (11 characters)
|511 years (14 characters, but only letters)
|344,000 years (12 complex characters)
Alternatively you can use a password manager, like KeyPass or LastPass. These programs will generate passwords for you and keep them safe in one location for you to access. You can use really long and complex passwords this way and not have to necessary remember them, but you also need to keep the location where the passwords are stored as secure as possible.
Backup, Backup, Backup!
There are few things as frustrating and time consuming as losing your data to sudden data corruption, a fire, or any number of other tragic events outside of your control. Backing up can be an easy and automated process, and there are more ways than ever to backup your data. Cloud backup through companies like CrashPlan or Carbonite can automate off-site backups to protect against theft or acts of God.
Even if you don't do off-site backup, utilizing the built-in backup options in Windows and Apple OS X are easy to implement!
Don't Leave Your Computer Alone in Public
Leaving your computer alone, in public, is like leaving your front door open with a sign saying you've gone on vacation -- you're just asking for trouble. Apart from basic theft, having physical access to a computer makes stealing personal, financial, or password information trivial.
Make sure you have a computer that requires a password when you log in and has a timer that makes you re-enter a password if you leave it alone for a certain amount of time. You may always want to consider using an encrypted hard drive, or enabling encryption in the OS. On a Mac you can enable FileVault, and in Windows you can enable BitLocker; either option is a good step to securing your computer.
Be Wary of Suspicious Links, Attachments, and Advertisements
You've probably seen the ads that pop-up everywhere on the internet promising to speed up your computer or clean out the billions of files that are causing problems. Adware and Malware are, by far, the most pervasive type of threat your computer faces and it is up to you to protect your computer. To best protect yourself from these threats never open a file or email attachment that you weren't expecting or follow a link in a suspicious email.
In Windows we strongly advise the use of programs like MalwareBytes to scan for and help eliminate files and programs that exist solely to harvest and sell your personal information. If you're using a Macintosh Adware Medic has become one of CalArts IT's staple programs to help fight infections from Conduit and other irritating and difficult to expunge malware.
There are hundreds of companies that prey on peoples ignorance and insecurities. If you ever find yourself about to call a company because your computer said you need to, contact IT and we'll help you.
Don't be afraid to ask questions
Not everybody is a computer expert, and we don't expect you to be. That's what we're here for. If you ever have a question or find yourself embarrassed to even ask, give us a ring, a tweet, or open a ticket!