Tips for staying safe online

Overview

These instructions describe best practices for securing your computer, accounts, and the data stored on them. Information Security Best Practices contains more technical security precautions that you should know, and that IT Pros should implement.

All information in this document applies to laptops; for further details, see Laptop and Mobile Device Security.

For help, contact your campus Support Center.

Note:
Following some of the suggestions below can affect how your computer interacts with the network. If your computer or local network is managed by a computer support provider, you should consult with your provider before making changes to avoid disrupting your network connection.

Stay safe on social media

Set strong passwords and use a password manager

Passwords are the keys to your personal accounts. Be sure to create unique, strong passwords and change them whenever they are compromised. For added security, use a password manager.

Enable two-factor authentication

Strong passwords are a good start, but you can add another layer of security by enabling two-factor authentication. It requires another form of verification beyond your username and password, so that only you have access to your accounts.

Avoid phishing and/or catfishing scams

Think before you click. If you receive odd or out-of-the-ordinary messages with links, be sure to verify the authenticity of the sender and the link before you click, and never share your personal information with someone you don't know and trust.

Know how to block, report, and filter users and content

Take control of your social media experience and safety by familiarizing yourself with the blocking and reporting features on each platform you're active on. Block and report harassing behavior or harmful content. Some platforms also allow you to filter content based on keywords to ensure a safe and positive browsing experience.

Be aware of what you share

Think before you post, and consider whether you are sharing information that could be used by bad actors. Avoid sharing public posts that could indicate that you will be away from your home for long periods of time, or that share your exact location. Sensitive images or statements you post will be archived on the Internet, even if you delete them later. Sensitive or intimate images or statements you post now may be used to harm you reputationally or financially in the future.

Turn off geo-location

Apps like Facebook, Instagram, Snapchat, and Twitter may request access to your location and make that information available publicly through your posts. Avoid broadcasting your exact location by checking the privacy settings on these apps (and others), and turning off geo-location settings.

Read the Terms of Service

Be a conscious user of social media apps. Carefully review the terms of service for any apps you use so that you are aware of how, where, and when your personal data can be used by the social media company.

Top four things you can do to protect your computer

Maintain current software and updates

The most important thing you can do to keep your computer safe is to use a secure, supported operating system; see ComputerGuide: Deals by vendor, recommendations, and common questions. Keep your software updated by applying the latest service packs and patches. Refer to your operating system's help for assistance.

Practice the principle of least privilege (PoLP)

Practice the principle of least privilege. Do not log into a computer with administrator rights unless you must do so to perform specific tasks. Running your computer as an administrator (or as a Power User in Windows) leaves your computer vulnerable to security risks and exploits. Simply visiting an unfamiliar internet site with these high-privilege accounts can cause extreme damage to your computer, such as reformatting your hard drive, deleting all your files, and creating a new user account with administrative access. When you do need to perform tasks as an administrator, always follow secure procedures. For more, see Account Privileges.

Use security software

Install and maintain recommended security software.

Frequently back up important documents and files

Back up your data frequently. This protects your data in the event of an operating system crash, hardware failure, or virus attack. UITS recommends saving files in multiple places using two different forms of media (for example, Cloud Storage or USB flash drive). See Options for storing files at IU.

Avoid threats to your computer

  • Never share passwords or passphrases: Pick strong passwords and passphrases, and keep them private. Never share your passwords or passphrases, even with friends, family, or computer support personnel.
    Important:
    At Indiana University, official communication (including email messages, phone calls, or computer support consultations) will never include a request for your IU passphrase.

  • Use Two-Step Login (Duo): Two-Step Login (Duo) adds a second layer of security when you log into IU systems. Combining an additional verification with your username and passphrase helps prevent anyone but you from logging in.
  • Sign up for foreign login alerts: If your account is compromised by an attacker who logs in from overseas, IU can alert you via email. See Know if someone outside the US has logged into your IU account.
  • Do not click random links: Do not click any link that you can't verify. To avoid viruses spread via email or instant messaging (IM), think before you click; if you receive a message out of the blue, with nothing more than a link and/or general text, do not click it. If you doubt its validity, ask for more information from the sender. For further important information about links in email, see Avoid phishing scams.
  • Inspect sites that ask for your username and passphrase: All sites requiring you to log in (at IU and elsewhere) should encrypt data being transmitted between your device and the site. If the site doesn't have a green padlock in the URL field, the connection is not secure and you should not log in.
  • Beware of email or attachments from unknown people, or with a strange subject line: Never open an attachment you weren't expecting, and if you do not know the sender of an attachment, delete the message without reading it. To open an attachment, first save it to your computer and then scan it with your antivirus software; check the software's help documentation for instructions.
  • Do not download unfamiliar software off the internet: Many peer-to-peer (P2P) file sharing programs appear to have useful and legitimate functions. However, most of this software is (or contains) spyware, which will damage your operating system installation, waste resources, generate pop-up ads, and report your personal information back to the company that provides the software.

    Obtain public domain software from reputable sources, and then check the newly downloaded software thoroughly, using reputable virus detection software on a locked disk, for signs of infection before copying it to a hard disk.

    Note:

    Before you choose to download and use these types of programs, make sure you are not violating copyright or other applicable laws. Downloading or distributing whole copies of copyrighted material for personal use or entertainment without explicit permission from the copyright owner is against the law.

  • Do not propagate virus hoaxes or chain mail: For more, see Avoid getting in trouble with email.
  • Log out of or lock your computer when stepping away, even for a moment: Forgetting to log out poses a security risk with any computer that is accessible to other people (including computers in public facilities, offices, and shared housing), because it leaves your account open to abuse. Someone could sit down at that computer and continue working from your account, doing damage to your files, retrieving personal information, or using your account to perform malicious actions. To avoid misuse by others, remember to log out of or lock your computer whenever you leave it.
  • Shut down laboratory or test computers after you are finished with them: For computers in the UITS Student Technology Centers (STCs) or Residential Technology Centers (RTCs), logging out is sufficient to protect the security of your accounts and data. With other computers, however, it's safest to shut them down after you've finished, to prevent unauthorized access. Shutting down a computer prevents others from hacking it remotely and guards against other risks.
  • Remove unnecessary programs or services from your computer: Uninstall any software and services you do not need.
  • Restrict remote access: UITS recommends that you disable file and print sharing. In rare exceptions when you may need to share a resource with others, you should correctly set the file and directory permissions. When possible, limit the sharing to the specific user account that needs access.

    UITS also recommends disabling Remote Desktop (RDP), Remote Assistance, and Secure Shell (SSH) unless you require these features. If you do, enable the remote connections when needed, and disable them when you're finished. Note that you only need to enable RDP, Remote Assistance, or SSH on the computer you intend to connect to; disabling them on the computer you're connecting from will not prevent you from making a connection to another computer. See Using Remote Desktop securely and Using SSH.

    For all types of remote file sharing and access, you should use your system's host-based firewall to scope access based on IP address, only granting access to the most limited range of IP addresses needed to accomplish your task.

  • Treat sensitive data very carefully: For example, when creating files, avoid keying the files to Social Security numbers, and don't gather any more information about people than is absolutely necessary.

    At IU, sensitive information should be handled (that is, collected, manipulated, stored, or shared) according to legal and university functional requirements related to the specific use involved, as well as data and security policies of the university; see Protecting Data & Privacy. For more, contact the university Data Steward for the data subject area involved.

  • Remove data securely: Remove files or data you no longer need to prevent unauthorized access to them. Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your system. For information on secure data removal, see Secure Data Removal.
  • Deploy encryption whenever it is available:

    Using a whole-disk encryption program is the best safeguard against unauthorized access of data on your personal computer. Such applications use strong encryption methods that protect your device's hard drive while allowing you easy access to your data. For disk encryption, UITS recommends the following:

    For more, see About secure websites and SSL/TLS certificates.
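
The firewall scoping recommended under "Restrict remote access" above can be checked with a short script. This is an added example, not part of the original page or any UITS tooling; the rule format, rule names, sample addresses, and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress

# Ports for the remote-access services named on this page.
REMOTE_ACCESS_PORTS = {
    22: "SSH",
    445: "File sharing (SMB)",
    3389: "Remote Desktop (RDP)",
}


def audit_rules(rules, max_hosts=256):
    """Flag inbound allow rules on remote-access ports whose source range
    is wider than max_hosts addresses (threshold is an assumption)."""
    findings = []
    for rule in rules:
        service = REMOTE_ACCESS_PORTS.get(rule["port"])
        if service is None or rule["action"] != "allow":
            continue  # not a remote-access service, or not an allow rule
        source = rule["source"]
        if source.lower() == "any":
            findings.append((rule["name"], service, "open to any address"))
            continue
        # strict=False accepts a single host address as well as a CIDR range
        net = ipaddress.ip_network(source, strict=False)
        if net.num_addresses > max_hosts:
            detail = f"{net} covers {net.num_addresses} addresses"
            findings.append((rule["name"], service, detail))
    return findings


# Constructed sample rules in a hypothetical format (documentation addresses).
SAMPLE_RULES = [
    {"name": "ssh-from-anywhere", "port": 22, "action": "allow", "source": "any"},
    {"name": "rdp-from-campus", "port": 3389, "action": "allow", "source": "10.0.0.0/8"},
    {"name": "ssh-from-office-host", "port": 22, "action": "allow", "source": "192.0.2.15"},
    {"name": "smb-from-lab-subnet", "port": 445, "action": "allow", "source": "198.51.100.0/28"},
    {"name": "web-from-anywhere", "port": 443, "action": "allow", "source": "any"},
    {"name": "rdp-deny-all", "port": 3389, "action": "deny", "source": "any"},
]

if __name__ == "__main__":
    for name, service, detail in audit_rules(SAMPLE_RULES):
        print(f"{name}: {service} is too broadly exposed ({detail})")
```
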

Secure your home network

For advice on securing your home network, see Secure your home wireless network.

This is document akln in the Knowledge Base.
Last modified on 2023-11-10 11:22:27.