Makerere University


Best practices for computer security


This document details how you can secure your computer, accounts, and the data stored on them. Best Practices contains more technical security precautions that you should know, and that IT Pros should implement.

All information in this document applies to laptops.

For help, contact DICTS at helpme@dicts.mak.ac.ug

Note: Following some of the suggestions below can affect how your computer interacts with the network.

Top four things you can do to protect your computer

1. Use security software
The most important thing you can do to keep your computer safe is to install and maintain security software.
Note: For personal computers, DICTS recommends Sophos for all computers but also recommends Windows Defender, which comes as part of Windows 8.x as a full antivirus suite. For Windows 7 and Vista, DICTS recommends Microsoft Security Essentials, available free of charge via IUware. Be sure to have only one antivirus program installed.

2. Practice the principle of least privilege (PoLP)

Practice the principle of least privilege. Do not log into a computer with administrator rights unless you must do so to perform specific tasks. Running your computer as an administrator (or as a Power User in Windows) leaves your computer vulnerable to security risks and exploits. Simply visiting an unfamiliar Internet site with these high-privilege accounts can cause extreme damage to your computer, such as reformatting your hard drive, deleting all your files, and creating a new user account with administrative access. When you do need to perform tasks as an administrator, always follow secure procedures. For more, see Use a Less Privileged Account.

3. Maintain current software and updates
Use a secure, supported operating system; keep your software updated by applying the latest service packs and patches. Refer to your operating system's help for assistance.

4. Frequently back up important documents and files

Back up your data frequently. This protects your data in the event of an operating system crash, hardware failure, or virus attack. DICTS recommends saving files in multiple places using two different forms of media (e.g., Cloud Storage, Oncourse Resources, or USB flash drive). For Backups of Systems like HURIS, ARIS, these are done at the NOC [Network Operation Centre].

5. Avoid threats to your computer
Never share passwords or passphrases: Pick strong passwords and passphrases, and keep them private. Never share your passwords or passphrases, even with friends, family, or computer support personnel.
Note: At Makerere University under DICTS, no official communication (e.g., email message, phone call, or computer support consultation) will ever include a request for your Network ID password and username.

6. Do not click random links: Do not click any link that you can't verify. To avoid viruses spread via email or instant messaging (IM), think before you click; if you receive a message out of the blue, with nothing more than a link and/or general text, do not click it. If you doubt its validity, ask for more information from the sender.

7. Beware of email or attachments from unknown people, or with a strange subject line: Never open an attachment you weren't expecting, and if you do not know the sender of an attachment, delete the message without reading it. To open an attachment, first save it to your computer and then scan it with your antivirus software; check the program's help documentation for instructions.
8. Do not download unfamiliar software off the Internet: KaZaA, Bonzi, Gator, HotBar, WhenUSave, CommentCursor, WebHancer, LimeWire, and other Gnutella programs all appear to have useful and legitimate functions. However, most of this software is (or contains) spyware, which will damage your operating system installation, waste resources, generate pop-up ads, and report your personal information back to the company that provides the software.
Obtain public domain software from reputable sources, and then check the newly downloaded software thoroughly, using reputable virus detection software on a locked disk, for signs of infection before copying it to a hard disk.

Note: Before you choose to download and use these types of programs, make sure you are not violating copyright or other applicable laws. Downloading or distributing whole copies of copyrighted material for personal use or entertainment without explicit permission from the copyright owner is against the law.

9. Do not propagate virus hoaxes or chain mail: For more, see:
What should I know to avoid getting in trouble with email?
How can I tell if a computer virus alert is a hoax?

10. Log out of or lock your computer when stepping away, even for a moment: Forgetting to log out poses a security risk with any computer that is accessible to other people (including computers in public facilities, offices, and shared housing), because it leaves your account open to abuse. Someone could sit down at that computer and continue working from your account, doing damage to your files, retrieving personal information, or using your account to perform malicious actions. (For an example of possible consequences, see this entry in the Protect IU Blog.) To avoid misuse by others, remember to log out of or lock your computer whenever you leave it.

11. Shut down laboratory or test computers after you are finished with them: For computers in the different offices, logging out is sufficient to protect the security of your accounts and data. With other computers, however, it is usually necessary to shut them down after you have finished to prevent unauthorized access. Shutting down a computer prevents others from hacking it remotely, among other risks.

12. Remove unnecessary programs or services from your computer: Uninstall any software and services you do not need.

13. Restrict remote access: DICTS recommends that you disable file and print sharing. In the rare cases where you need to share a resource with others, format your drive using NTFS and set the file and directory permissions correctly. DICTS also recommends disabling Remote Desktop (RDP) and Remote Assistance unless you require these features. If you do, enable the remote connections when needed and disable them when you're finished. Note that you only need to enable RDP on the computer you intend to connect to; disabling RDP on the computer you're connecting from will not prevent you from making a connection to another computer.
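As an added example (not part of the DICTS page), the following PowerShell script audits the three settings this item names on a Windows 8 or later machine and, when run with -Harden from an elevated prompt, turns them off; the registry value names and firewall rule-group names are the standard Windows ones, and the volume check flags drives that are not NTFS.

```powershell
#Requires -RunAsAdministrator
# Added example, not DICTS code: report whether RDP, Remote Assistance and
# file/print sharing are enabled, and optionally disable them (-Harden).
param([switch]$Harden)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$raKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$groups = 'Remote Desktop', 'Remote Assistance', 'File and Printer Sharing'

function Get-RemoteAccessPosture {
    # fDenyTSConnections = 1 means RDP is off; fAllowToGetHelp = 0 means Remote Assistance is off
    $rdpDenied = (Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $raAllowed = (Get-ItemProperty -Path $raKey  -Name fAllowToGetHelp    -ErrorAction SilentlyContinue).fAllowToGetHelp
    [pscustomobject]@{
        RdpEnabled              = ($rdpDenied -ne 1)
        RemoteAssistanceEnabled = ($raAllowed -eq 1)
        # Any enabled inbound rule in these groups means the service is reachable from the network
        OpenFirewallGroups      = @($groups | Where-Object {
            Get-NetFirewallRule -DisplayGroup $_ -Direction Inbound -Enabled True -ErrorAction SilentlyContinue })
        # Share and folder permissions only work on NTFS; list lettered volumes that are not NTFS
        NonNtfsVolumes          = @(Get-Volume |
            Where-Object { $_.DriveLetter -and $_.FileSystem -ne 'NTFS' } |
            ForEach-Object { "$($_.DriveLetter): $($_.FileSystem)" })
    }
}

function Disable-RemoteAccess {
    Set-ItemProperty -Path $rdpKey -Name fDenyTSConnections -Value 1
    Set-ItemProperty -Path $raKey  -Name fAllowToGetHelp    -Value 0
    foreach ($g in $groups) {
        # Close the firewall for each group so the listener is unreachable even if re-enabled later
        Disable-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue
    }
    # Unbind "File and Printer Sharing for Microsoft Networks" (ms_server) from every adapter
    Disable-NetAdapterBinding -Name '*' -ComponentID ms_server -ErrorAction SilentlyContinue
}

if ($Harden) { Disable-RemoteAccess }
Get-RemoteAccessPosture | Format-List
```

Run it without -Harden first to see the current posture; re-enable a group with Enable-NetFirewallRule -DisplayGroup and the matching registry value when you temporarily need the feature.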

14. Treat sensitive data very carefully: For example, when creating files, avoid keying the files to Social Security numbers, and don't gather any more information on people than is absolutely necessary.

At MAKERERE, sensitive information should be handled (i.e., collected, manipulated, stored, or shared) according to legal and university functional requirements related to the specific use involved, as well as data and security policies of the university; see Protecting Data. For more, contact the university Data Steward for the data subject area involved; see the Committee of Data Stewards.

15. Remove data securely: Remove files or data you no longer need to prevent unauthorized access to them. Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your system. For information on secure data removal, see Securely Removing Data.
16. Deploy encryption whenever it is available: For more, see:
What are secure web sites and SSL/TLS certificates?

17. Protect Your Passwords

Here are a few principles for creating strong passwords and keeping them safe:

  • The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users.
  • Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
  • Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
  • Keep your passwords in a secure place, out of plain sight.

18. Give Personal Information Over Encrypted Websites Only

If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure).

Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.

19. Treat Your Personal Information Like Cash

Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your personal information.
