Computer and Information Security
When not in use, turn off your computer, especially if it is connected to a network which is "always on". The types of network that are always on include broadband and the University's network. This not only keeps the computer more secure, but also saves on electricity.
Take regular data backups. This will allow you to recover files should your computer require rebuilding after hardware failure or data corruption. Store the backups in a safe place. Once a backup has been superseded, destroy the old copy and dispose of it securely.
Limit applications on your computer. Do not install software or utilities from dubious internet sites. If you are not entirely sure about software, do not install it. Sometimes, the most innocent software carries hidden utilities that will steal information and send it to criminals. If you have software installed that you no longer use, uninstall it. Software vendors regularly send out patches for their products; these should be installed.
Computer viruses & spyware
In order to reduce the chances of infection from computer viruses or worms, and/or breaches of security, it is imperative that you keep your computer up-to-date with the latest antivirus and antispyware protection. Please see the ITS antivirus web pages.
The University campus is protected by an enterprise firewall that is administered centrally. This does provide a good level of protection from most attacks originating from the internet. However, the University is a complex environment and not all users take security seriously. This may result in certain computers being vulnerable and then probing other machines on the University network. Since there is only limited internal control, there is a possibility that a compromised machine will have access to ports previously blocked by the firewall.
The use of personal firewalls does increase the complexity and user burden, but is probably justified where the computer is mobile, used on home broadband or used as a server.
The firewall for MDS computers is set to be on by default.
When you visit a website, it may send you a cookie so that it can identify you upon your return. You should limit cookies and applets to sites that you know and trust. Regularly deleting cookies will also help to prevent information leaks.
Do not assume a website is what it claims, unless you typed the URL. Following links can easily redirect you to a site that is pretending to be the intended site. This type of attack is often used to defeat the security of SSL. You are presented with a site that looks like a secure site but is not, and the attacker is trying to get you to enter sensitive data: bank details, personal information, passwords.
Secure websites are not always as secure as they should be. When transacting business with a website, limit the financial and personal information you divulge and opt out of any marketing. In principle, do not give any information unless there is a real advantage to you. If the website offers not to store your information, accept the offer.
Never use a debit card to conduct business over the internet. If you must transact such business use a credit card.
For websites that require very strong passwords (e.g. internet banking, high value business transactions) you should choose a long, random, complex password. Unfortunately, in order for the password to be strong enough, you will not remember it. So, you might have to write it down. If you do write it down, store it as you would your money. Never reuse this password on less important sites. This password must only be used on the site for which it was created.
It is fine to have a weaker password for sites that are low value (e.g. magazine subscription, newspaper archive). Should this password be compromised, the thief will only gain access to the service, not all your money.