Protecting the data you work with every day requires continuous vigilance. You should never consider the data you access inconsequential or unimportant. It may seem that way to you, but to an attacker it may be the final piece of information needed to complete a puzzle.
Do your work habits put information at risk?
They might unless you:
- Become aware of who is around your work area and what they might see.
- Remove sensitive data from your computer
When this information is no longer needed make sure to safely remove the data, otherwise you don't know.
- Always log out or lock your workstation even if away for only a few minutes.
- Do NOT store passwords directly in your browser
It may be tempting to use your browser's built-in password storage tools, but if someone breaks into your machine, either physically or virtually, they will be able to access anything you need a password for without even knowing your password. Furthermore, the most frequently given reason for forgetting a password is that it was saved, and its owner forgot what it was.
- DO use a separate, trusted password manager
Instead of storing your passwords in your browser, use a password manager you trust, such as LastPass, the official Texas State University password manager. Many password managers offer their own separate, secure browser plugins and standalone applications, which will allow you to easily and securely store your credentials.These applications and plugins should only be used on a device you trust.
If the data you work with is too valuable to lose (and what data isn't?), arrange to have it backed up. Often this can be done by simply copying the data to an external storage device like a USB drive (if you are storing sensitive or confidential data, we recommend using an encrypted USB drive) But you should find out if your unit has already set up a backup program for important data. You may also need to request that your Technical Support Professional (TSP) arrange for routine daily backups to ensure against permanent loss.
How can you protect both your personal and work-related data?
- Use and maintain anti-virus software and a firewall - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus defenses up to date.
- Regularly scan your computer for spyware - Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files. Many anti-virus products have incorporated spyware detection.
- Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should turn it on.
- Evaluate your software's settings - The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
- Avoid unused software programs - Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access your computer.
- Consider creating separate user accounts - If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection.
- Establish guidelines for computer use - If there are multiple people using your computer, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data.
- Use passwords and encrypt sensitive files - Passwords and other security features add layers of protection if used appropriately. By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. You should also employ full disk encryption on your university workstations, which prevents a thief from even starting your computer without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
- Follow corporate policies for handling and storing work-related information - If you use your computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.
- Dispose of sensitive information properly - Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files.
- Follow good security habits - Review other security tips for ways to protect yourself and your data