Recommended Computer Security
The following are recommendations to keep your computer, accounts,
and data more secure. The steps involving setup, installation, or
configuration require administrative/root privileges.
Note: Staff machines under SEASnet support have many of these
configured already. Please check with the Help Desk before making
changes.
- Lock down and physically secure all equipment,
especially laptops and machines in open areas. You can
submit an MSR to do so.
- If you need to step away from the computer for more than
a minute, lock your session - instructions for locking down
a Windows machine can be found here
- Set up a screen saver with
password protection on resume.
- Log off the machine when you
leave for the day
- Install all current updates/patches - click
here for Windows instructions
- Both Windows and Linux supported machines can be configured to automatically download and install updates and patches -
instructions to configure your Windows machine can be found
here
- Install anti-malware software
(especially anti-virus software), and
make sure to update and scan frequently
- Set up a firewall - see these
instructions for configuring Windows XP firewall
- Create strong passwords for
all computer accounts and change
them every 6 months
- Do not save passwords in web
browsers
- Do not keep any
sensitive data on your computer unless absolutely
necessary - if you must keep sensitive data on your
computer it should be secured
- compromised computers containing sensitive data will be
subject to UCLA Policy 420
- If you have passwords or other sensitive data in hard
copy (on paper), keep it secure, in a locked cabinet
for example
- Beware of Social Engineering
attacks
- SecureID cards (if one is assigned to you) should be
considered like a master key:
Keep its location secure, do not let anyone borrow/use it,
do not write your username and/or password on the device, nor
place any identifiable marks, stickers, or notes of any kind
on the device
Windows specific:
Protection of personally identifiable information as outlined in
UCLA
Policy 420.
- Don't transfer protected information to a device such
as a USB drive or CD that can easily be lost and accessed by
someone else.
- Don't send email that includes protected data if at all
possible. If you absolutely must send email with protected
data, carefully evaluate where the email will be sent. If
you forward on email that has protected data and the recipient
does not need the protected data, remove that information
from the message prior to sending it. With the addition of
health and medical information, an email from an employee to
their supervisor explaining a medical condition becomes
protected data.
- Supervisors should ensure that their employees are not
forwarding email to a non-HSSEAS account. Email accounts
not handled through SEASnet may or may not meet campus
security requirements.
- Be cautious when using your computer to casually browse
the internet. If you're not sure if a site is trustworthy,
then don't visit it from a work machine.
- Never assume that you are not responsible for keeping data
secure. If you have access to the data, you are responsible.
Computer security requirements change as new vulnerabilities and
methods of compromising your systems are discovered. Please check
back here often to ensure your system is as secure as possible.