“Top Ten List” of Good Computing Practices

                                       http://its.ucsc.edu/security_awareness/top10.php

  1.   Use cryptic passwords that can't be easily guessed, and protect your passwords.
           • Don’t share your passwords or private account information, and avoid writing them down.
           • Characteristics of good, cryptic passwords:
                    o At least 8 characters in length,
                    o Contain a mixture of upper and lower case letters, numbers, and symbols,
                    o Difficult to guess (e.g. don’t include real words or personal information like user name, names of
                          family members, places, pets, birthdays, address, hobbies, etc.), and
                    o Easy to remember (so you don’t have to write them down).
           • For additional information and tips, see the UCSC Password Strength and Security Standards at
               http://its.ucsc.edu/security/policies/password.php

  2.   Be cautious when using the Internet:
           • Don't provide personal or sensitive information to Internet sites, surveys or forms unless you are using a
               trusted, secure web page.
           • Also, just opening a malicious web page can infect a poorly protected computer. Be aware of where you
               are going before clicking on a web link. When in doubt, instead of clicking on an unknown or unsolicited
               link, look up the website on your own and go there independently.
           • Be extremely careful with file sharing software. There is a limit to the amount of bandwidth any given
               machine may use in a 24-hour period at UCSC. Violators risk being disconnected from campus networks.
               If you share copyrighted files, you also run the risk of serious legal consequences.
                    o Students should also check out the ResNet Usage Guidelines at
                         http://resnet.ucsc.edu/policy/usage.pdf for more information.

  3.   Practice Safe Emailing:
           • Don't open email attachments or click on links in emails unless you really know what you're opening.
           • Delete spam and suspicious emails; don’t open, forward or reply to them.

  4.   Secure your area before leaving it unattended.
           • Lock windows and doors.
           • If you are an employee, be sure to lock up portable equipment and sensitive material before you leave your
               work area (take keys out of drawers), and never share your access code, card or key.

  5.   Secure your laptop computer at all times: keep it with you or lock it up securely before you step away.
           • At all times: in your office or dorm room, at coffee shops, meetings, conferences, etc.
               Remember: laptops get stolen from cars, houses, and offices all the time.
           • Make sure it is locked to or in something permanent.
           • Laptop lockdown cables are available at the BayTree Bookstore and most computer/office supply stores.

  6.   Shut down, lock, log off of, or put your computer to sleep before leaving it unattended, and make sure it
       requires a password to start up or wake up.
           • <ctrl><alt><delete> or <Windows><L> on a PC; Apple menu or power button on a Mac.
           • Contact your computer support person or the ITS Support Center (459-HELP) for assistance.

  7.   Make sure your computer is protected with anti-virus and all necessary security “patches” and updates, and
       that you know what you need to do, if anything, to keep them current.
           • Contact your computer support person or the ITS Support Center (459-HELP) for assistance.

  8.   Don't keep sensitive information or your only copy of critical data, projects, files, etc. on portable devices
       (such as laptop computers, CDs/floppy disks, memory sticks, PDAs, data phones, etc.) unless they are
       properly protected. These items are extra vulnerable to theft or loss.

  9.   Don't install unknown or unsolicited programs on your computer.
          • These can harbor behind-the-scenes computer viruses or open a “back door” giving others access to your
               computer without your knowledge.

  10. Make backup copies of files or data you are not willing to lose – and store the copies very securely.

Rev. 12/1/08                                  New Employee Orientation
UCSC New Employee Orientation                                                                          RESOURCES



                                   Computer Security Resources
      • ITS Security Awareness Website: http://its.ucsc.edu/security_awareness/
               o   ITS’ “Top 10 List of Good Computing Practices”
               o   Information about protecting sensitive data
               o   Computer security training and tutorials, including
                   Cyber Security Learning Exchange on March 16, 2009
                   Introduction to Computer Security on May 5, 2009
               o   Password Standards and other IT Security policies and guidelines
               o   How to report computer security incidents
               o   Excellent UCSC and non-UCSC resources
               o   And more...

      • ITS Support Center – for general questions and information, or to report security incidents:
        help@ucsc.edu, 459-HELP, https://itrequest.ucsc.edu, in-person: M-F 8AM-5PM, 54 Kerr Hall

      • IT Services for new employees: http://its.ucsc.edu/service_catalog/new_employee/

      • Julie Goldstein, ITS Service Manager for Community and Compliance:
        julieg@ucsc.edu, 459-2779




                                   Sensitive Data
      • Examples include:
               o   Social security numbers
               o   Ethnicity, gender, date of birth
               o   Financial information such as credit card number or bank account number
               o   Health or medical information
               o   Student records protected by FERPA
               o   Intellectual property or proprietary data, including information protected by a
                   non-disclosure agreement
               o   Home address or home telephone number
               o   Religion or sexual orientation

      • The best way to protect sensitive data is not to have it at all. If you DO need to keep this kind of
        data, keep as little as possible: Securely delete sensitive data that you no longer have a business
        need to keep (including email and archives).

      • Sensitive data must be properly protected. See the ITS Security Awareness Website, above, or
        http://its.ucsc.edu/security/policies/rd.php, for more information.

                                   Reporting Security Incidents
      Security Incident defined: Any attempted or successful compromise or unauthorized access of
      computing systems or data

      • Report anything unusual. If it sets off a warning in your mind, it just may be a problem. Don’t ignore it!

      • Immediately report suspected security incidents & breaches to your supervisor and the ITS
        Support Center (contact info above).
               o   If no one is available to receive your report, contact the ITS Security Team at
                   security@ucsc.edu

      • Report lost or missing computing equipment to your supervisor and the campus Police Dept
        (459-2231 or http://www2.ucsc.edu/police/).
               o   And let them know if it contained sensitive information.

