Security Tip of the Week
1. Create a passphrase to strengthen your account's protection against attackers. A passphrase is a phrase that can be easily remembered and can also be translated into characters. For example, "I saw Mike the Tiger at LSU in 2008" can be translated to "iSmtT@LsUi2008".
2. Always make sure to change your passwords periodically. Changing passwords periodically allows for less time for an attacker to obtain a particular password.
3. When creating a password, always use a variety of characters and a minimum of twelve characters. In general, the longer and more complex and password is, the harder it will be for an attacker to guess.
1. Each member of the LSU community has a unique account accessible in PAWS and Active Directory. Users should always be logged on to their own account and should never share their account with others.
2. Make sure to use different passwords for different accounts. Using different passwords for different accounts ensures that all of your accounts won't be compromised if one of your passwords is cracked.
3. Admin accounts should be used for application and system management only. End users should never use accounts with administrator level permissions for day to day work.
4. Never share account credentials via wireless technology, email, or the Internet unless the information is encrypted and the source is approved to handle confidential information.
1. Always update your browser to the newest browser release when possible. The newest browser release generally provides the greatest compliance with web standards and browser security.
2. Always keep your Web Browser Add-ons up-to-date, and remove or disable all Add-ons that are no longer needed. Add-on Updates address security vulnerabilities and critical issues that need to be resolved.
3. Always turn on your browser's pop-up blocker. Pop-ups can contain viruses or come from malware that will infect your computer. Only enable pop-ups while using a trusted site, and enable the blocker again once the activity on the trusted site is over.
4. Check to see if the website you are using is https:// or http://, especially when on sites that require sensitive data such as passwords and online card payments. Sites with https encrypt your data so that it cannot be intercepted by third parties, while https does not.
1. Make sure to limit the amount of personal information you make available to the public on social media. Protect yourself by never posting location check-ins, your date of birth, full names, etc. on social media profiles.
2. Anything posted online will stay online. Always think before you post to social media to ensure you are protecting your privacy and not posting content you wouldn't want others to see in the future.
3. When using social media always make sure your privacy settings are up-to-date. Setting your social media accounts to private ensures that only approved users can see your personal information.
1. Never share confidential information with anyone unless required by government regulations, specific LSU job responsibilities, or business requirements. Be prepared to say "no" when asked to provide that type of information.
2. When transmitting sensitive data, always use an encrypted communication channel. For web based transmission, always ensure that the web site is protected by SSL.
3. Always dispose of media that contains sensitive data in a manner that protects the confidentiality of the information. LSU ITSP recommends shredding paper based documentation and using DBAN to effectively remove data from hard drives.
4. Secure your data by using two factor authentication whenever possible. Two factor authentication adds an extra layer of security by requiring a username and password, in addition to a form of verification only the user has access to. Additional authentication factors could be knowledge factors such as a PIN or shared secret, or possession factors such as an ID card or smartphone.
1. Never open or download an email attachment from an unknown source. Attachments may contain viruses that can compromise your computer and personal information, and therefore must be approached with caution.
2. Never send personal information such as passwords, social security numbers, or credit card numbers via email. Email should not be treated as a secure communications channel for sensitive data.
3. Never reply to any email that is from an unknown source. Doing so may expose you to more spam in the future.
1. Reduce your risk of becoming a victim to identity theft by protecting your Social Security number. Never carry your Social Security card on your person or any other card that shows your SSN.
2. If you are asked for personal information that seems inappropriate for the transaction, always ask questions. Ask how the information will be used, if it will be shared, and how it will be protected. Do not give out your personal information if you are not satisfied with the answers to these questions.
3. Reduce your chances of falling victim to identity theft by treating your trash carefully. Always make sure to destroy papers containing your personal information including credit card offers and "convenience checks" that you do not use.
4. To protect yourself from identity theft, enable the security features on your mobile device such as a passcode and/or touch ID, especially if you have banking websites, personal contacts, and applications saved.
1. Be mindful that individuals could possibly visit campus in person, and could use social engineering tactics to attempt to gain unauthorized access and/or solicit your personal information. Never let an imposed sense of urgency influence you to grant an unknown person access to secure areas (data centers, offices, storage rooms, etc.) or to release any confidential or private information. If you are unsure of someone asking you for access of any sort, contact email@example.com.
2. Be mindful of various forms of social engineering attacks, such as typo-squatting, when online. Typo-squatting consists of attackers creating online pages with URLs very similar to popular websites, such as "Amozon.com" instead of "Amazon.com", which can be used to steal your personal information. To avoid falling victim to typo-squatting, be careful when typing web addresses, install antivirus software on your device, and bookmark your frequently visited sites so that you can be certain you're going to the real website.
3. Always be suspicious of unsolicited emails, visits, or phone calls, especially when the individual is asking for personal or employee information. If the individual claims to come from a legitimate organization, verify their identity directly with the company. Never release confidential information about your organization unless certain that person has the authority to have the information.
1. Protect your computer by making sure that you have patched your machine and turned on automatic updates for operating systems and applications. When your machine is unpatched, software vulnerabilities can easily be exploited.
2. Regularly back up your files to an external hard drive or cloud storage. Doing so ensures that your data is protected in the case you fall victim to malware or other form of security incident.
3. Always be careful of what you are plugging into your computer. Infected flash drives, external hard drives, and smartphones can often spread malware to your device.
1. Always abide by the principle of least privilege when granting access to individuals. It is best practice to ensure that users have the minimal amount of access privileges required to perform their job duties.
2. When possible, always backup your data both onsite and offsite. Onsite backups entail backing up to the same physical location as you, such as on an external hard drive stored next to your computer. Offsite backups require storing your data at a different location, such as on an online server. Doing so ensures that your data is safe in the case of any event such as a robbery, fire, or flood.
3. If the hardware or software allows, always encrypt your backups. Encrypting your backup with a strong passphrase adds another layer of defense in the case of a security breach.
1. When stepping away from your computer, always make sure to password protect your screen. Even if stepping away for a short time, it is always best to ensure that no one can access your machine while you are away.
2. Cybercriminals will attempt to steal your personal information through links in emails, online advertising, and social media. Always inspect links thoroughly, and if it looks suspicious, do not click it. For more information on phishing, visit www.lsu.edu/phishing
3. Be aware of what personal information a site is automatically collecting from you and how it is being used. This may include IP address, software details, and page visits. To possibly limit the amount of personal data collected, familiarize yourself with your browser security settings and add-ons that can be installed.
1. Enable automatic updates on your device when possible. Software updates address known vulnerabilities on your device that cyber criminals can exploit. Automatic updates ensure that their is less time for cyber criminals to exploit these known vulnerabilities.
2. It is very important to keep your device software up to date. Software updates not only fix security vulnerabilities, but in many cases can add functionality and improve the performance of the device as well.