Secure IT everyday

Published: 14 January 2020

How and what can you do to work in a safe and secure way with the IT support you have and use? Being Cybersmart - #becybersmart Using strong passwords, multi-factor authentication, backing up your data and keeping your devices' software up to date is a great way to #becybersmart

Tips for maintaining IT security and protecting your information:

Do not leave your computer or phone unattended in public premises

It takes no time at all to steal it and as short as 20-30 seconds to install a spyware or malicious code.

Lock your computer automatically

Make sure that the computer requires login (screen lock) which is activated automatically after 1-3 minutes of inactivity and after it has gone into power save mode.

Be ware of your password

The password associated with your username is intended to prevent unauthorized access to the university's information. Passwords are personal and it is your responsibility to make sure that no one else knows your passwords. Avoid writing down the password in plain text (on paper or digital data file) Use a Password Manager in your computer or phone.

Keep your devices up to date

Make sure your computer, mobile devices and phone are kept up to date with the latest versions of operating systems, web browsers, antivirus, Flash and Java. Old software versions that contain vulnerabilities can expose your computer and other mobile devices to malware.

Be careful with USB flash drives

Do not let the curiosity about what kind of information may be on the USB memory take over. Handle external USB sticks, memory cards and hard disks with care as they may carry and spread malicious code. Do not connect USB sticks found on the street or at trade fairs to your computer. They may contain malicious code that steals your data, installs backdoors or encrypt the information in the system. Make sure there is a malware program (antivirus) where they are used. Read about a current case in Gothenburg:
https://www.gp.se/nyheter/g%C3%B6teborg/skadliga-usb-stickor-hittade-p%C3%A5-lindholmen-1.4197409

Be careful with "open" Public Wifi networks

Open public wifi networks are shared by many, some with dubious intentions. You should not connect to Public Wifi networks, in public places, cafes, trains, planes or Hotels. These often have low security and are therefore targets for someone who wants to steal information or your login information.

Beware of malicious links

Attention!
Do not click on links and content in emails or web pages that you do not trust.

Look for SSL certificates. By browsing websites that start with https: // instead of http: // you know that the information you enter on the website is sent encrypted to the website owner.

Think before you click the link in an Email or the Web - do you know where it leads and what it does?

Pay attention to phishing and social manipulation

Beware of social manipulation and phishing where people try to trick you with personal information, such as passwords, usernames, account numbers or codes. - Does this request or request seem relevant? - Is it likely that I will be contacted and asked to provide confidential information in this way ... usually NOT likely! - Does it come from a reliable source that I recognize? - Is the link address protected (https: // ...)?

Think about what you send by email

Think about what you send by e-mail - do not send sensitive information with regular E-mail If you need to send sensitive information by E-mail, the and / or attached documents should be encrypted.

Length of password over complexity.
A password that consists of 8 randomly selected characters is never as strong as a collection of multiple words that add 12 - 20 characters. Preferably choose a set of memorable words that you can connect in your mind. For example, "peanut butter salt sugar bread yummy", which makes me think of eating a peanut butter sandwich. You should also associate words with symbols or numbers instead of spaces to increase the difficulty.

Do not reuse passwords
It is tempting to reuse a password. It makes it easy for you to remember it on all your different accounts, but it leaves you wide open if someone manages to break your password on one page. You run the risk of intruders gaining access to all your services where you use the same password.

Change your password if an IT service or website has had a leak.
If an IT service or website notifies you that your account may have been compromised in the event of a leak, change your password immediately.

Use a password manager.
Even the most memorable passwords become a problem if you need to remember more than a small handful of them. With a password manager, each of these IT supports and websites has a unique password.
You only need to remember the password for your password manager and your primary password to be able to log in to my devices using your password manager.

If possible, always enable multi-factor authentication.
With multi-factor authentication apps, such as Microsoft Authenticator, Okta or via text / SMS, a unique code and your password must be entered to log in. Always select the App version over the SMS-based two-factor authentication.

Make your LTU account more secure

Set up two-factor authentication for your LTU account in Microsoft 365

[/ltu/it-support/IT-support-personal/Jobba-sakert-med-IT/En-saker-IT-vardag/Tvafaktorsautentisering-sakert-LTU-konto-1.217901?l=en]

Work safely remotely

For employees at LTU

[/ltu/it-support/IT-support-personal/E-moten-och-arbeta-pa-distans/Arbeta-sakert-pa-distans-1.197179?l=en]

Published:14 January 2020

Updated: 3 May 2022

By:IT

Edit page