Security
Maintaining a secure technology environment at Calvin University involves both its technology and its people.
Security certainly involves protecting devices from viruses, malware, and hackers, but it also involves protecting sensitive university and personal information. While CIT works hard to make the network as secure as possible, it's important that all members of the Calvin community do their part as well.
Best practices for keeping your information secure
Avoid malicious websites
Never respond to an email that is requesting personal information including usernames, passwords, and the like. These emails often link to malicious sites and by responding, you put your and Calvin's information at risk.
In order to minimize the risk posed by malicious websites, Calvin Information Security blocks access to known phishing sites and known web domains used for the purpose of installing malware or spyware. If you attempt to go to one of these sites you will be redirected to a page informing you that the page is being blocked by CIT.
If you believe a site you are trying to access is being blocked in error, please email the HelpDesk.
Keep your antivirus software updated
Antivirus software is your best defense against viruses. Microsoft provides Windows Defender for free and there are free options for Apple computers as well.
Calvin provisioned computers are equipped with Endpoint Protection which is updated automatically.
Update your operating system and applications
Microsoft, Apple, and Google periodically distribute updates to their computer and mobile operating systems to fix known problems and vulnerabilities. By enabling these system updates to run automatically, your computer will receive these updates as they become available and may notify you to install them. In most cases, it is best to install a system update as soon as you are notified it is available.
Calvin provisioned computers have updates delivered to them by CIT and should not have automatic updates enabled.
Keep your computer free of spyware
Spyware is any software that covertly gathers your information through your Internet connection without your knowledge, usually for advertising purposes. The purpose of spyware is to allow organizations to monitor your Internet browsing patterns, profile your shopping preferences, send you unlimited pop-up ads, and possibly install more unwanted software on your computer. Spyware applications usually come as a part of a freeware or shareware program that was downloaded from the Internet.
Common indicators that your computer has spyware or adware installed on your computer:
- Your homepage resets itself
When you first open your web browser, you are taken to a different page than the one you specified - Search results and links are distorted
When you click on a link or search, you are taken to a different site than the one you expected - Numerous and annoying pop-up ads
- Unwanted software installed
- Browser slowing down
Your web browser slows down and web pages take a longer time to load - Additional toolbars appear in your web browser
Toobars claiming to be shopping or search helpers appear at the top of your web browser
Most spyware is installed without your knowledge when you click on a pop-up ad, download free files, or install free programs. Reading all prompts and being cautious about what you click on or install can help you avoid unwanted spyware and adware on your computer.
Do not install any software claiming to be a utility to speed up your computer, clean up your computer's drivers, or adware or spyware removal tools without checking with the HelpDesk.
Practice defensive computing
The best way to protect yourself against a system compromise is not to engage in activities which can leave you vulnerable to attacks.
Best practices include:
- Never click any links in email messages from an unknown source.
- Never download email attachments unless you are certain the sender intended to send you the file and it's expected. Many email viruses will send copies of themselves to members of an address book, so you may actually know the apparent send of the message. To be safe, verify with the sender that the message was intended for you before you download the attachment.
- Be very suspicious of any email from an unknown source, and never download files from an unknown source.
- Do not download software from unfamiliar or untrusted sources.
- Scan any portable hard drives you have used in public computers or have shared before using them in another computer.
- If you use Instant Messaging, do not run programs or follow links that people send to you.
- Do not use files sharing software. Downloading and/or sharing copyrighted material is illegal, and many Internet worms are spread through file sharing networks.
Be careful what you download
Spyware and malware are lurking in many places on the Internet. Be careful when you download peer-to-peer programs. Many of these programs also install spyware and malware onto your computer without your knowledge or consent.
Create strong passphrases and passwords
Strong passphrases can help protect your computer and your accounts containing personal information.
Backup your files
Technology can prove unreliable at times, therefore it is important to save your files in more than one location. You should save your personal files in at least two of these locations:
- your computer's hard drive
- in the cloud in places like OneDrive, Google Drive, or iCloud Drive
- a portable hard drive
Prevent physical access to your computer
Physical access is another way in which someone might gain access to your computer and confidential information. Protect your computer from physical access by following these practices:
- Lock your office when you are not there—even if it is for a one hour class period or a short meeting
- Use a screensaver password.
- Turn you computer off at night.
Best practices for mobile devices
Password protect all mobile devices
A password is your first line of defense against intrusion into your devices.
Enable an auto-lock feature
When your phone is not being used it should auto-lock and require a password or some type of authentication to be unlocked.
Switch Bluetooth to hidden mode or turn it off completely
If you are not using Bluetooth, remove the risk entirely by turning it off.
Avoid putting confidential information on your mobile device
If you must put confidential information on your mobile device it is imperative that you encrypt your mobile devices storage and/or the confidential information (not possible on all mobile devices).
Consider using a remote wipe service or tracing software
In the event that your mobile device is stolen you can act immediately to determine its location or remotely wipe the device memory.
Be careful where you download applications for your phone
Staying within the bounds of manufacturer market places or app stores is a good first step. Downloaded apps from third party markets or stores have a higher probability of carrying along malicious software. To further decrease your risk, only download applications from companies with a good reputation.
Consider security/malware protection software for you mobile device
As malware on mobile devices continues to increase, it is becoming more important to have security software.
Keep all software up to date
Software on your mobile device includes the operating system and any installed apps. This will help to protect the device from attack and compromise.
Be careful connecting to a public WI-FI
When connecting to a public WI-FI, do not access or provide any confidential information from your mobile devices. Criminals do not have to touch your phone to be able to view any information you are entering like passwords or credit card numbers.