Recommended Computer Security
The following are recommendations to keep your computer, accounts, and data more secure. The steps involving setup, installation, or configuration require administrative/root privileges.
Note: Staff machines under SEASnet support have many of these configured already. Please check with the Help Desk before making changes.
- Lock down and physically secure all equipment, especially laptops and machines in open areas. You can submit a SEASnet Service Request to do so.
- If you need to step away from the computer for more than a minute lock your session, instructions for locking down a Windows machine can be found Here.
- Setup a screen saver with Password Protect on Resume.
- Log off the machine when you leave for the day.
- Install all current updates/patches – click Here for windows instructions.
- Do not use a root/administrator priviledge account as your primary account. Create a regular user account for normal use and only use the administrator account for installing software.
- Both Windows and Linux supported machines can be configured to automatically download and install updates and patches – instructions to configure your windows machine can be found here.
- Install anti-malware software (especially anti-virus software); and make sure to update and scan frequently.
- Setup a firewall – see these instructions for configuring Windows firewall.
- Create strong passwords for all computer accounts and change them every 6 months.
- Do not save passwords in web browsers.
- Do not keep any Sensitive Data on your computer unless absolutely necessary – if you must keep sensitive data on your computer it should be Secured – compromised computers containing sensitive data will be subject to UCLA Policy 420.
- If you have passwords or other sensitive data in hard copy (on paper), keep it secure. In a locked cabinet, for example.
- Beware of Social Engineering Attacks.
- SecureID cards (if one is assigned to you) should be considered like a master key: Keep its location secure, do not let anyone borrow/use it, do not write your username and/or password on the device, nor place any identifiable marks, stickers, or notes of any kind on the device.
Protection of Personally Identifiable Information as outlined in UCLA Policy 420:
- Don’t transfer protected information to a device such as a USB drive or CD that can easily be lost and accessed by someone else.
- Don’t send email that includes protected data if at all possible. If you absolutely must send email with protected data carefully evaluate where the email will be sent. If you forward on email that has protected data and the recipient does not need the protected data, remove that information from the message prior to sending it. With the addition of health and medical information, an email from an employee to their supervisor explaining a medical condition becomes protected data. Supervisors should ensure that their employees are not forwarding email to a non-HSSEAS account. Email accounts not handled through SEASnet may or may not meet campus security requirements.
- Be cautious when using your computer to casually browse internet. If you’re not sure if a site is trustworthy, then don’t visit it from a work machine.
- Never assume that you are not responsible for keeping data secure. If you have access to the data, you are responsible.
Computer security requirements change as new vulnerabilities and methods of compromising your systems are discovered. Please check back here often to ensure your system is as secure as possible.