Welcome to Arkansas State University!

Information Security Best Practices

Protecting Your Devices

Best Practices for Securing your computer or laptop

Use a strong password…Do not share your password, if you write them down make sure they are secure. For more information on how to create a strong password view Password Standards.

Lock your computer…If it is going to be left unattended, or shut it down if you are going to be away.

Anti-virus…Make sure you have an anti-virus installed, and automatic scans and updates are turned on. ITS has licensed Symantec Endpoint Antivirus which is installed on all university computers. We have also made Symantec Endpoint Antivirus available for personal use, you can put this on your personal computer by downloading from www.astate.edu/a/its/software-downloads/

Operating systems and Applications…Make sure to keep your operating system and applications up to date, vendors are constantly releasing security patches and software updates. You can configure your system to automatically update or notify you when updates become available.

Malware software…Make sure you have anti-malware software installed and up to date. Also, we recommend running regular, weekly scans of your computer. ITS has an enterprise version of Malwarebytes for university owned Windows computers. If this is not installed please contact the help desk at 870.972.3933 or itshelpdesk@astate.edu. For your personal computers get the free version from https://www.malwarebytes.org/

Know your data…control your data…Make sure you know if you have any Personally Identifiable Information (PII) on your computer, phone, or tablet and limit access to that data.

Identity Finder…Make sure Identity Finder is installed and scanning on all university owned computers. Remediate any Personally Identifiable Information (PII) that has been found by moving it to your Fileserver, shredding it, or securing it. Remember to only keep PII for as long as necessary.

Sharing PII...Sending this information through email is not recommended. It is acceptable to fax if the recipient can receive the fax as soon as it is sent. ShareSpace can be used to share data with others (access Sharespace at https://webapps.astate.edu/sharespace).

Surf Smart…Don't provide personal or sensitive information to Internet sites, surveys or forms unless you are using a trusted, secure web page. Also, just opening a malicious web page can infect a computer. Be aware of what you are navigating to before clicking on a web link. Use the Hover Technique, and when in doubt, instead of clicking on an unknown link, look up the website on your own and go there independently. 

  • We also recommend using Adblock Plus (ABP), this can be installed on Internet Explorer, Chrome, Firefox, and Safari. ABP can help block unwanted ad pop-ups, illegitimate third party malware and phishing advertisements, but remember you still have to surf smart. To install ABP, go to https://adblockplus.org/

Be aware of Phishing…Be cautious of unfamiliar or suspicious emails. Do not open attachments or click on links in emails unless you know what you are opening. Practice the Hover Technique on all links, and if you suspect an email may be a Phishing attempt delete it or forward it to itshelpdesk@astate.edu.

When working from home...Make sure that you use a tagged university-owned computer and the operating system and anti-virus is completely up to date at all times. Use VPN connections to connect back to campus. If you do not know how to VPN, please contact the ITS Help Desk at 3933 for assistance.

Mobile Devices

Best practices for securing phones and tablets

Just like your computer, there are a number of ways in which information on mobile devices may be stolen. Because mobile devices such as phones or tablets may be more easily stolen or compromised, users must take similar precautions to your computers in order to make them more secure.

 1. Configure mobile devices securely. Depending on the specific device, you should be able to:

  1. Enable auto-lock. (This may correspond to your screen timeout setting).
  2. Enable password or passcode protection.
    1. Use a reasonably complex password where possible.
    2. Avoid using auto-complete features that remember user names or passwords.
  3. Ensure that browser security settings are configured appropriately.
  4. Enable remote wipe options (third party applications may provide the ability to remotely wipe the device). 

2. Disable Bluetooth (if not needed). This will help prolong battery life and provide better security.

3. Know your mobile vendor's policies on lost or stolen devices. Know the steps you need to take if you lose your device. Report the loss to your carrier ASAP so they can deactivate the device. For university owned phones or tablets that are lost or stolen please contact ITS ASAP at 870.972.3033

USE ADDED FEATURES

  1. Keep your mobile device and applications on the device up to date. Use automatic update options if available.
  2. Install an anti-virus/security program (if available) and configure automatic updates if possible. Like computers, mobile devices have operating systems with weaknesses that attackers may exploit.

 GENERAL TIPS                

  1. Never leave your mobile device unattended.
  2. Report lost or stolen devices and change any passwords.
  3. Avoid unencrypted public wireless networks.

Security Tip of the Day!

Phishing

Phishing is when an attacker attempts to fool you into clicking on a malicious link or opening an attachment in an email. Be suspicious of any email or online message that creates a sense of urgency, has bad spelling or addresses you with a generic greeting such as "Dear Customer."

CLICK HERE to see more SANS Security Awareness Tips!


Information Security Best Practices
Contact IT Security

Information Technology Security

Phone: 870-972-3770

Quick Tips

Be Safe and Check Those Files and URL's!


Find out if a file or program of 128MB or less, or a URL is safe by visiting www.virustotal.com. This is a free service which scans submissions using a combination of antivirus engines. VirusTotal detects viruses, worms, trojans, and other kinds of malware that any one antivirus application might miss. VirusTotal will also check URL's to verify if they are legitimate.