Security Tip of the Week


July 2017:

1. Create a passphrase to strengthen your account's protection against attackers. A passphrase is a phrase that can be easily remembered and can also be translated into characters. For example, "I saw Mike the Tiger at LSU in 2008" can be translated to "iSmtT@LsUi2008".

2. Always make sure to change your passwords periodically. Changing passwords periodically allows for less time for an attacker to obtain a particular password. 

3. When creating a password, always use a variety of characters and a minimum of twelve characters. In general, the longer and more complex and password is, the harder it will be for an attacker to guess. 

August 2017:

1. Each member of the LSU community has a unique account accessible in PAWS and Active Directory. Users should always be logged on to their own account and should never share their account with others. 

2. Make sure to use different passwords for different accounts. Using different passwords for different accounts ensures that all of your accounts won't be compromised if one of your passwords is cracked. 

3. Admin accounts should be used for application and system management only. End users should never use accounts with administrator level permissions for day to day work. 

4. Never share account credentials via wireless technology, email, or the Internet unless the information is encrypted and the source is approved to handle confidential information. 

September 2017

1. Always update your browser to the newest browser release when possible. The newest browser release generally provides the greatest compliance with web standards and browser security.

2. Always keep your Web Browser Add-ons up-to-date, and remove or disable all Add-ons that are no longer needed. Add-on Updates address security vulnerabilities and critical issues that need to be resolved. 

3. Always turn on your browser's pop-up blocker. Pop-ups can contain viruses or come from malware that will infect your computer. Only enable pop-ups while using a trusted site, and enable the blocker again once the activity on the trusted site is over.

4. Check to see if the website you are using is https:// or http://, especially when on sites that require sensitive data such as passwords and online card payments. Sites with https encrypt your data so that it cannot be intercepted by third parties, while https does not. 

October 2017

1. Make sure to limit the amount of personal information you make available to the public on social media. Protect yourself by never posting location check-ins, your date of birth, full names, etc. on social media profiles. 

2. Anything posted online will stay online. Always think before you post to social media to ensure you are protecting your privacy and not posting content you wouldn't want others to see in the future. 

3. When using social media always make sure your privacy settings are up-to-date. Setting your social media accounts to private ensures that only approved users can see your personal information. 

November 2017

1. Never share confidential information with anyone unless required by government regulations, specific LSU job responsibilities, or business requirements. Be prepared to say "no" when asked to provide that type of information. 

2. When transmitting sensitive data, always use an encrypted communication channel. For web based transmission, always ensure that the web site is protected by SSL.

3. Always dispose of media that contains sensitive data in a manner that protects the confidentiality of the information. LSU ITSP recommends shredding paper based documentation and using DBAN to effectively remove data from hard drives.