Understand the common risks to computers that could result in a data breach

• Use the computer responsibly
• Do not respond to a malicious request for your personal authentication credentials, such as passwords, PINs, or account numbers. No legitimate entity will request your authentication credentials via email or through any other channel. Authentication credentials, such as passwords, must never be shared.
• Avoid high-risk behavior by following simple guidelines:
  • Avoid visiting a questionable website
  • Do not use Peer-to-Peer file sharing
  • Do not download files through online chat programs
  • Do not open suspicious or mysterious email attachments
  • Do not access applications or links embedded in social networking sites (Facebook, Twitter, etc.)
  • Do not attach questionable removable media, such as a USB flash drive found in a parking lot, to the system
• Do not download, install, or use any application that has questionable integrity
• Avoid clicking directly on an embedded URL link in a document, email, or high-risk website; instead, type out the URL in a browser such as Firefox or Chrome because links that appear legitimate may mask a malicious address, also known as "URL spoofing"
• Learn how to view the email header which shows the true sender's email address and the sender's system IP address or contact an authoritative source to confirm legitimacy. An email may appear to come from a known, trusted source, but the sender's "FROM" address may mask a malicious address, also known as "email address spoofing."

Keep current with system updates, antivirus software, and host-based firewalls

• Ensure that the computer and applications are updated regularly. Users must NOT block installation of security patches for the system and Microsoft applications in MESA.
• Ensure that the computer has university-supported antivirus software. Users must NOT block or otherwise disable current versions of university-supported antivirus software in MESA.
• Maintain a host-based firewall if the computer is not in MESA, as MESA configurations include a firewall.

Follow good password security practices

• Never share passwords
• Always use strong passwords
• Change passwords as required by University Policy 1301: Responsible Use of Computing
• Do not write down passwords

Apply proper system configurations

• Use a password-protected screen saver
• Turn off your computer, if possible, when left unattended for a substantial amount of time (e.g. at lunchtime, at end of the day, on vacation) as Whole Disk Encryption only protects data when the system is off
• Avoid, if possible, the use of an administrator equivalent account on the computer. Some departments provide support where users do not need an administrator account on a computer; check with your department.