Top 10 IT Security Recommendations
UCLA Policy 401 requires that electronic devices connected to the campus network install all the latest security updates released by operating system manufacturers such as Apple, Microsoft, and the Linux variants.
1. Install Antivirus Software and keep all Computer Software Patched
UCLA Policy 401 requires that devices connecting to the campus network run up-to-date antivirus software. To facilitate this, UCLA provides Sophos, a free antivirus software program to UCLA students, faculty, and staff. UCLA IT Security recommends that every member of the campus community download and use Sophos frequently.
- The antivirus should always be active and configured to update on a regular basis.
- Configure your antivirus to automatically scan all downloaded files, removable media, and email attachments.
- Contact your department's help desk or, if you are a student, the UCLA Student Technology Center, if you believe that your computer is infected with malware. Disconnect the computer from the network immediately to keep the infection from spreading or sending information to an attacker.
- Be sure to keep your Operating Systems, Applications and Plug-Ins updated. Software vendors regularly provide security fixes and enhancements on a regular basis.
2. Use a Strong Password for Every Site and Application You Use
Passwords are one of the most important controls on access to information. Too often, users the same password for multiple accounts. If a hacker compromises a credential, that same username and password could be the keys to the kingdom!
- Choose a password that is at least 10 characters which includes: Upper/Lower case, Numbers & Symbols
- Change your password at least once every 6 months
- Use a Passphrase or a Password Generator. A passphrase is a group of words that means something to you. For example: UCLAzci90095!
- Translates to: UCLA zip code is 90095!
- Use a Password Manager for all your websites. You should have a different password for each website and application you use. A Password Manager such as LastPass is one of many samples
3. E-Mail Security Tips
Email is widely used at UCLA, but some often-overlooked common sense measures can put you at risk.
- Any phishing attempt to trick you into revealing confidential, personal, or financial information, your password, or sending money is a scam. Credible organizations will never ask for this.
- Malware, spyware, Trojan viruses, and other malicious software is often transmitted through email in the form of malicious links or seemingly credible attachments. Clicking these links or opening these attachments may infect your computer.
- Do not transmit sensitive, restricted information by email. It is not secure. This includes passwords, PIN numbers, or files containing restricted information (such as Social Security numbers).
- Always be skeptical, as it is often difficult, if not impossible, to know for certain who sent an email. If need be, verify the legitimacy of a sender in person.
4. Spot Social Engineering Attempts
Social engineering is the manipulation of a person's trust to obtain unauthorized information. A "social engineer" is always on the lookout for pieces of information that can help him or her assume someone else's identity, usually without that person's knowledge.
- Phishing: Legitimate organizations do not email, call, or otherwise contact their customers asking sensitive questions or for personal information, such as usernames and passwords. This is known as "Phishing," an attempt to trick gullible persons into revealing confidential, personal, or financial information, obtaining a password, or sending money. When in doubt, do not respond or give your information and contact the organization directly. UCLA will never ask you for your username or password in email communications.
- Dumpster Diving: Yes, that's right, a "harmless" gesture like throwing away a document can give a social engineer opportunities to impersonate you. Shred sensitive information and never put it in the garbage intact.
- Scam Artists: If an unknown party shows up to your office or asks you for information in person, always be skeptical. Ask for identification and never reveal information because their attire is professional or looks like it might be affiliated with the University in an official capacity. You will never be punished for confirming somebody's identity. Report suspicious and dubious behavior to your supervisor or the UCLA police.
5. Use Secure Wi-Fi Connections at Home and Away
Those who use the Wi-Fi wireless network on campus should connect to the eduroam network. It uses WPA2 encryption to protect your data and wireless connection and allows you to log in with your UCLA credentials on the UCLA network and at any other University of California campus.
- When at home, be sure to password-protect your Wi-Fi network. Not having your wireless connection locked down is an open invitation for a bad guy to break into your network and access your systems
- When in public locations such as hotels, coffee shops and airports, be wary of wireless networks. Don’t connect to a wireless network you don’t recognize.
- Most cell phones have Personal Hot Spot capabilities built-in, it is safer to use than a public network.
- When connecting to a wireless network, activate your VPN as soon as possible.
6. Back Up Important Information
Due to hardware failure, malware infection, or other causes can put you into a situation where your data is permanently lost or inaccessible. Be sure to regularly backup your data which you find important.
- Cloud backups are a very popular choice amongst users. An application sits on the computer and backs up the data on a scheduled or continuous basis
- Backing up to an External Hard Drive is still a good choice and most manufacturers provide free software to backup the data. The problem with backing up to an External Hard Drive is remembering to do it, unless it is constantly plugged in.
7. Secure Your Mobile Device
Like most people, you’ve probably accumulated a lot of personal information on your mobile device. This valuable data makes these devices a target for thieves and cybercriminals.
- Use a password, passphrase or passcode on your mobile device. Set the lock feature to a few minutes
- Enable a firewall on your laptop
- Install antivirus software on your laptop and keep it updated
- Use Encryption to protect your personal information on mobile devices
- Leave your Blue Tooth turned Off when not in use
- Do not save passwords or PINs on your smart phone
- Use remote tracking software on your smart phone that has the ability to locate, lock and wipe if your smart phone is lost or stolen
- Take note of your IMEI (International Mobile Equipment Identity) number. An IMEI is your 14-16 digit serial number which identifies your smart phone. If a device is reported stolen, it will be permanently unusable on most carrier networks, even if the SIM card is changed
8. Limit Social Network Information
The Internet offers a goldmine of information and gives users virtually unlimited communications options. Carefully consider the information you plan to disclose when registering for a site or providing information about yourself online.
- Don't post personal information about yourself or others – especially information that contains information that you use for answers in password or username-recovery security questions.
- Learn how to use the privacy and security settings to protect yourself, keep personal information personal and know what to do if you encounter a problem
9. Download Files Legally
Avoid peer-to-peer (P2P) networks and remove any file-sharing clients. P2P clients has worldwide sharing capabilities and you never know if the file has a Trojan. Unsigned apps from the Apple’s App Store or Google’s Play Store may contain back doors to the mobile device allowing cybercriminals to steal your data.
10. Secure Your Area before Leaving It Unattended
Whenever a laptop or portable device is lost or stolen, the data on that device has also been stolen. If proprietary UCLA data is lost or compromised, the resulting damage can be much greater than the cost of replacing the equipment.
- Avoid storing personal data on laptops and other mobile devices
- Before leaving your work area, turn off, close the lid of, or lock your computer, put away sensitive documents, and lock up cabinets and other storage spaces. Take portable devices or media with you, or lock them up.
- Remove sensitive documents immediately from printers, fax machines, and copiers so that no one else can read them.
- Shred documents that contain sensitive information. Don't discard them in public wastebaskets.
- Don't leave portable equipment in a vehicle, even if it is locked. In addition to the possibility of theft, heat in a closed vehicle can sometime damage computer equipment