Knowledgebase : Security

The security of your computer and data is crucial for you and the success of UAB/UABHS. Lost or stolen information can expose confidential or personal information. The more you do to keep your computer secure, the safer your information will be. Use these 10 tips to learn ways you can help protect your computer, your data, and our networks.

1. Work with HSIS or UAB IT

Make sure that you install all of the patches and updates that your vendors recommend. In addition to installing Windows and Office updates, HSIS or UAB IT might require you to install additional software, such as a firewall or a customized product solution. Making these regular installations will keep your computer and our networks as secure as possible.

2. Use strong passwords

Passwords provide the first line of defense against unauthorized access to your computer, and a good password is often underestimated. Weak passwords provide attackers with easy access to your computer and network. Strong passwords are considerably harder to crack, even with the latest password-cracking software.

Tips: https://www.uab.edu/it/home/component/k2/item/764-passphrase-vs-password

A strong password:

  • Is at least eight characters long.
  • Does not contain your user name, real name, or organization name.
  • Is significantly different from previous passwords. Passwords that change just slightly—such as Password1, Password2, Password3—are not strong.
  • Contains characters from each of the following groups:
    • Uppercase and/or lowercase letters.
    • Numbers
    • Symbols (!, @, #, $, %, etc.)
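
The checklist above, written as a check that could run when a password is changed. This is an added example, not UAB or HSIS code; the function name, the 0.8 similarity threshold (the page gives no number for "significantly different"), and the sample values are assumptions.

```python
import re
from difflib import SequenceMatcher

MAX_SIMILARITY = 0.8  # assumed cut-off for "significantly different"
DIGITS = "0123456789"

def password_problems(password, identity_terms, previous_passwords):
    """Return the strong-password rules from the list above that `password` breaks.

    identity_terms: user name, real name, organization name.
    previous_passwords: earlier passwords known at change time (assumption: a
    real system stores only hashes and can compare just what the user types).
    """
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Split "Jane Doe" into parts so either name is caught; skip tiny fragments.
    parts = [p for t in identity_terms for p in t.lower().split() if len(p) >= 3]
    if any(p in lowered for p in parts):
        problems.append("contains user name, real name, or organization name")
    # Dropping trailing digits catches the Password1 -> Password2 pattern.
    base = lowered.rstrip(DIGITS)
    for old in previous_passwords:
        old_l = old.lower()
        similar = SequenceMatcher(None, lowered, old_l).ratio() >= MAX_SIMILARITY
        if base == old_l.rstrip(DIGITS) or similar:
            problems.append("too similar to a previous password")
            break
    groups = {"letters": r"[A-Za-z]", "numbers": r"[0-9]",
              "symbols": r"[^A-Za-z0-9\s]"}
    missing = [name for name, pat in groups.items() if not re.search(pat, password)]
    if missing:
        problems.append("missing character group(s): " + ", ".join(missing))
    return problems

# Constructed sample values, for illustration only.
SAMPLE_IDENTITY = ["jdoe", "Jane Doe", "UAB"]
SAMPLE_HISTORY = ["Password1"]
```

An empty list means the candidate passes every rule in the checklist; each string names one rule that failed.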

XKCD Password Strength
Credit: Randall Munroe, xkcd.com, CC 2.5

3. Don't enable the Save Password option

Require that you, or anyone else trying to access your computer, enter the password every time the operating system or an application asks for it. If a dialog box offers to remember the password rather than requiring you to enter it, choose no. Allowing the password to be saved negates having the password at all.

4. Use network file shares instead of local file shares

Rather than opening up your computer to co-workers, use network file shares to collaborate on documents. And restrict access to the network file share to only those who need it. If you're working on a team, you have lots of other options—for example, Microsoft SharePoint Workspace 2010.

5. Lock your computer when you leave your desk

If you're going to be away from your desk for a while, make sure your computer is locked.

To lock your computer:

  • On your keyboard, press CTRL+ALT+DELETE at the same time.
  • Click Lock this computer (Lock Computer if you're running Windows XP).
  • To unlock your computer, press CTRL+ALT+DELETE and enter your password.

REMEMBER - CTRL+ALT+DELETE before you leave your seat!

6. Use password protection on your screensaver

Sometimes you're away from your desk for longer than you expected. Plan for those situations by setting up your computer so that it locks itself after a specified amount of time.

7. Encrypt files containing confidential or business-critical information

You keep valuable and sensitive data on your computer. Encrypting your data keeps it as secure as possible. To help keep unauthorized people from accessing your data—even if your computer is lost or stolen—you should encrypt all sensitive data. We highly recommend that you learn how to encrypt a file or folder to keep it safe.

8. Don't open questionable emails

If an email message just doesn't look right, it probably isn't. Forward the email message to your IT administrator to verify before you open it.

9. Encrypt email messages when appropriate

If you're sending confidential or business-critical information, encrypt the email and any files attached to it. Only recipients who have the private key that matches the public key you used to encrypt the message can read it.

10. Use the Junk Email Filter in Outlook

Receiving spam, or junk email messages, isn't just annoying. Some spam can include potentially harmful viruses that can cause damage to your computer and your company's network. The Junk Email Filter reduces the amount of junk email messages, or spam, you receive in your Inbox. Good news—if your junk mail filter is already active, you can always change the settings.

Phishing scams most often take the form of fraudulent emails. Typically, these messages are designed to trick users into revealing sensitive or protected information (e.g., usernames, passwords, bank account information) by pretending to be a legitimate entity like your bank, a social media site, or your university. For example, a phish posing as your bank might warn you of fraudulent activity on your account and ask you to “click here” to verify your information, which often includes providing your account username, password, and sometimes more.

We want to emphasize these security best practices for emails from unknown users:

  • Do not open emails that look suspicious or are from unknown users.
    • Check the sender’s email address to see if the listed domain (what comes after the “@” sign) matches where the sender claims to be from. If the email message claims to be from UAB, does the sender domain match?
  • Try not to click on links in an email. If you must, first check the true destination of any link or listed email address by hovering your mouse over it (don’t click). The true email address or URL will be displayed next to your mouse or in the bottom left of your window.
  • Do not open attachments.
  • Never send private and sensitive information (credit card information, password, PIN, etc.) by email. On websites, verify the legitimacy of the website before supplying this information.
  • Be skeptical of unsolicited messages offering you money or other items for little to no work. If it sounds “too good to be true”, it probably is.

On your home computers, please also make sure that your computer is protected with antivirus software and that it is up to date.

Refer to these sites for more information:

Contact DOM IT if you have any questions!