Security Best Practices
This article describes several basic information security best practices that all members of the SPU community should follow.
As members of the SPU community, we need to be always aware of information security best practices, follow these practices and serve as an example for the rest of the community. Below are several tips and guidelines that all members of our team should adhere to every day.
- Don’t ever write down your passwords
- And don’t ever put them on a post-it note next to your computer monitor. We cannot stress this enough. This applies to the password for your own accounts and for any service accounts you may have access to.
- Don’t ask others for their passwords or allow them to give it to you
- This will sometimes be less convenient for the person you are working with, especially if they need to go to a meeting or to lunch, but it is required security control.
- Be wary of clicking links or downloading attachments found in emails.
- Even if you know the sender, you should always be careful about clicking on links you don’t recognize. If the sites pertain to personal, financial, or any sensitive information, it’s safer to go directly to the site to login rather than click the link in the email.
- Think carefully about what you are sending via email
- Do not send passwords or confidential information via email, even within our own email domain. If attachments contain such info, they should be password protected and that password should not be sent via email. Share files via Google Drive with others.
- Back up your local files
- The content stored locally on your computer DOES NOT get backed up automatically. You should avoid storing any files on your computer other than those you are immediately working with and plan to delete. Any file that you wish to retain for a longer period of time should be copied to your Home folder (or another network share) or kept in your SPU Google Drive
- Always lock your screen when you step away from your computer.
- It’s an easy keyboard shortcut ([windows OS]Windows + L and [Mac OS] Command+Control+Q) to lock your screen. You should also use a password-protected screensaver that will automatically keep your computer secure after periods of inactivity.
- Know what to do if you suspect your computer is under attack
- If you suspect your computer has a virus or is under attack by some form of malware, DO NOT power the computer down. Disconnect the computer from the network (including wifi) and stop using it. Contact IT support immediately to open a ticket. Powering down the computer before IT support can begin forensic analysis could destroy import information.