All University owned computers will have anti-virus installed on them by Information Technology.
Viruses are the most well-known of several categories of maliciously targeted programs (generically called malware). Most malware programs install themselves through vulnerabilities in the operating system, software, or through social engineering. Once installed, the malware will deliver some sort of a payload (from simply spreading itself again to installing a keylogger to track everything you type) and attempt to spread itself further.
Antivirus software is only as effective as its latest definitions, or, the list of viruses the software can detect. Because of the high number of viruses for Windows, most antivirus software available for Windows has this capability built into the program to automatically update its definitions on a set schedule.
Keep your operating system and your software applications up to date to protect University and personal data. You should also encrypt your devices so that your data remains secure even if you lose a device or one is stolen from you.
Your web browser software is particularly vulnerable to a variety of attacks.
Browser Security Checklist:
- Review your browser security settings to make sure you are protected.
- Do not allow your browser to save passwords for you.
- Be wary of browser syncing features, especially if you use shared or public computers.
- Do not enable autocomplete features for web forms.
- Use a secure browser and keep it up to date.
- Exercise extreme caution when installing browser extensions and plugins.
- Do not accept downloads from sources you do not recognize.
- Only provide information on web forms when you are certain of the reason you are providing it.
Keep Your Software and Operating System Up To Date
Most desktop security incidents exploit flaws in your computer’s operating system and software. As these flaws are discovered, vendors release patches to cover these security holes.
Information Technology uses Desktop Central to manage software versions and operating system updates to ensure computers are always up to date.
There are a number of ways data thieves can gain access to files on your laptop, desktop, mobile phone, or other devices, even if you have set a login password. If your device is lost or stolen, if you leave it turned on in public spaces, or if your login password is compromised, a determined thief may be able to steal sensitive files. Encryption offers another layer of security for your important data.
Information Technology encrypts all University owned portable computers and at the request of the user we will encrypt desktop computers for those with sensitive data.
Wipe Devices Before Getting Rid of Them
Even devices you have not used in some time may still have sensitive information stored in memory. Be sure to wipe all desktop, laptop, and mobile device memory before you dispose of these devices or pass them on to anyone else.
Information Technology will wipe University Owned devices prior to them being surplused.
Remember: simply deleting files from your device does not permanently remove the information from your hard drive. You must perform a wipe to permanently erase data.
MalwareMalware, or malicious software, is hostile, intrusive code that can compromise your data or even disable your devices. There are a number of different kinds of malware, including:
- Trojan horses
Malware can spread rapidly through many different channels. Malicious email attachments, infected document files, websites concealing hostile code, and unprotected fileshares are common vectors of malware infection.
Modern antivirus software helps protect against the malware, spyware, viruses, and other invasive methods data thieves use to infiltrate computers and networks. Because criminals are always finding new ways to break into systems, it is critical to keep antivirus software current on your personal and University-owned computers.
When you choose antivirus software, select a product from a trusted company. Do not click on internet pop-up ads for antivirus software. This is a common tactic used to trick users into downloading malware.
U.S. Customs and Border Protection may search and copy the contents of travelers' laptops and expect travelers to divulge credentials and encryption keys as necessary. Americans can expect similar treatment when visiting other countries. Refusal to comply can result in seizure of the device or denial of entry into the host country. Once in the country, risks to sensitive data continue. Some countries legally prohibit encryption, and others view all encryption suspiciously. Physical loss and digital espionage also put confidential information (or tools to access it) on your devices at risk.
When traveling abroad, there is no expectation of privacy. Always assume in your destination country, U.S. ports of entry and in transit, eavesdropping may take place on all electronic communications.
What to Do Before Traveling Internationally
Use a Loaner Device
International travelers should arrange to use loaner devices while traveling abroad. Load only essential data and information that will be needed while traveling and be sure to set-up password controls.
Do not travel with confidential or sensitive information even if it is encrypted. U.S. export control regulations forbid the transport of certain data outside of the country (see the Texas A&M University Division of Research website for more information).
Do not allow services or applications to store your passwords on the loaner device.
No Loaner Device Available?
If loaner devices are not available, take the following steps to prepare your system for international travel:
- Back up all data.
- Remove all information not essential to travel. Do not travel with confidential, sensitive, proprietary, research or export controlled information even if it is encrypted. U.S. export control regulations forbid the transport of certain data outside of the country (see the Texas A&M University Division of Research website for information).
- Do not allow services or applications to store your passwords. Remove this option for your current systems, including email and Wi-Fi.
- Update all antivirus, security patches, and firewalls.
- Set up password protection on your devices. Require a password to start and unlock the device.
- Bring it to Information Services to be encrypted.
What to Do While Traveling Internationally
Keep Devices with You
Do not leave any electronic devices (cell phones, laptops, tablets, etc.) unattended, even in your hotel room or safe. Do not pack electronic devices in your checked bags or ask someone to watch them for you.
Disconnect When Possible
Turn off Bluetooth, cellular services and Wi-Fi any time you are not using them.
Limit Access to Restricted Information
To prevent the interception of information without your knowledge, avoid accessing confidential, sensitive, proprietary, research or export restricted information from your electronic device. If you must access these items for presentations or collaboration, use a secure VPN connection, unless encryption is prohibited in the host country (see the Texas A&M University Division of Research website for more information).
Loss or Theft
Immediately report loss or theft of electronic devices to the local authorities and either firstname.lastname@example.org and email@example.com. Do not wait until your return to report loss or theft. Take the necessary contact information with you and store it separately from your electronic devices.
What Should I Do When Returning From International Travel?
Return any loaner devices
Remove all data from your loaner devices and return them promptly.
Change Your Passwords
Change your password on any service, device or application that you accessed while traveling or that shares a password that you used while traveling.
Sanitize Your Devices
When possible, reinstall the Operating System on any devices you carried on your trip. Otherwise, request that an IT person analyze your device for malware or unauthorized access.