Information Technology Services

Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they’ll attempt to trick you into giving it to them, often by creating a sense of urgency. Know the signs of a social engineering or phishing attack and be cautious of any messages that:

• Create a sense of urgency through fear or intimidation, or pressure you to bypass security policies or procedures.
• Appear to come from a friend or colleague but ask you to do something out of character.

Report malicious emails by marking them as phishing in Gmail or forward to phishing@brandeis.edu.

Make sure that your home wireless (Wi-Fi) home network is properly secured.

1. Set a recognizable name for your wireless network, but make sure it's not something that gives away your location or identity. Passers by should not be able to easily determine where the wireless network is coming from based on the name.
2. Ensure a password is required to access your wireless network. If you need to set a password, consult with your internet service provider if you are renting equipment from them. If you own your own networking equipment, consult the manual for your equipment to learn how to change the default settings.
3. Change the default password for your networking equipment's administrative interfaces. If you're renting your equipment, check for information on logging into the administrative interface on your modem/router and set a new password. Contact your Internet Service Provider if you need assistance. The administrator interface is what allows you to configure the settings for your wireless network and should be changed and protected. As always, use a unique password for both the administrative account and for your wireless network.

Make sure that you're using strong passwords or passphrases for all accounts. We recommend using LastPass to manage and generate passwords for you. For details on password management, please see our password guide.

Install updates whenever you're prompted to do so from software you recognize. Sometimes malicious programs can look legitimate, so feel free double check with the Technology Help Desk if you're in doubt about a particular update. 

Software updates generally fix security vulnerabilities and should be installed. Let's not make it easier for adversaries to get into your systems through software issues that can be resolved with an update. 

It's really easy to accidentally install malware or visit malicious sites. For that reason, make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.

Using a personal device to work remotely? Create separate accounts for family members to use and make sure no sensitive information is stored on the device itself. Cloud storage like Box is a good way to store and access sensitive information for work use. 

Use a virtual private network (VPN) while working from home or using public Wi-Fi networks, especially when using a banking app or conducting other important personal or professional business. VPNs create a secure, encrypted connection (like a tunnel) between your device and the network. You can also use incognito or private web browsing windows to limit the information collected in your browsing history, cookies, or online forms.

As adversaries develop new techniques to try to steal your information, taking steps to thwart their attacks is paramount. Doing "everything" to be secure can be overwhelming.

Our Top 10 tips are a good foundation for securing your devices and protecting your information from unauthorized access.

1. Assume you are a target - Anyone can be a target of cybercrime. We are all at risk and the stakes are high - both for your personal and financial well-being and for the university's standing and reputation. The tips below should be used as a guide with “anyone can be a target” as a base principle.
2. Keep software up to date - Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices:Turn on Automatic Updates for your operating system Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates Make sure to keep browser plug-ins (Flash, Java, etc.) up-to-date.
3. Learn to identify and avoid phishing scams - Fraudulent emails, calls, and texts from cyber criminals “phishing” for information have been around for decades. The adversaries are getting more sophisticated though with their attacks and more and more fraudulent emails look like they are coming from a reputable source or even forms someone you personally know and trust. Read our guide on phishing awareness to learn how to identify, avoid, and report phishing.
4. Practice good password management - Good passwords are long and unique. But we all have too many passwords to manage, which is why using a password manager is a great way to enhance digital security. Brandeis IT Security recommends and licenses LastPass.
5. Be careful what you click on - Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically install (often silently) and compromise your computer. That software you just heard of from an online advertisement telling you to speed up your computer and that it has found infections but wants payment to act is likely fraudulent. If attachments or links in the email are unexpected or suspicious for any reason, don't click on them.
6. Never leave devices unattended - The physical security of your devices is just as important as their technical security. If you need to leave your laptop, phone, or tablet for any length of time - lock it up so no one else can use it. If you keep protected data on a flash drive or external hard drive, make sure they are encrypted and locked up as well. For desktop computers, lock your screen or shut-down the system when not in use.
7. Safeguard sensitive information - Be aware of regulated, restricted, or confidential data that you come into contact with and its associated restrictions. Review Brandeis’ Written Information Security Policy to understand data protection level requirements. In general:Keep high-level personally identifiable data (e.g., SSNs, credit card information, student records, health information, etc.) off of your workstation, laptop, or mobile devices Securely remove sensitive data files from your system when they are no longer needed Always use encryption when storing or transmitting sensitive data Unsure of how to store or handle sensitive data?  Email us at security@brandeis.edu.
8. Use smartphones and tablets safely - Considering how much we rely on our mobile devices and how susceptible they are to attack, you'll want to make sure you are protected:Lock your device with a PIN or password - and never leave it unprotected in public.Only install apps from trusted sources (Apple AppStore, Google Play).Disable services you don’t need, like location services for certain applications or contact sharing. Keep the device's operating system up-to-date.Don't click on links or attachments from unsolicited emails or texts. Click on the sender’s name in emails to verify the sender’s address if the message is suspicious. Avoid transmitting or storing personal information on the device.Encrypt your devices. Consult your device's documentation for available options.Use Apple's Find my iPhone  or the Android Device Manager tools to help prevent loss or theft.
9. Install and use antivirus software - Antivirus software comes in many forms and has evolved to be proactive, but it stills is just one layer of protection. Computers provided by Brandeis ITS use enSilo, and McAfee is available for personal devices.
10. Backup your data - Backup data regularly. Computers provided by ITS include Code42’s cloud backup service. Manually backup data on personal computers to external hard drives or your cloud storage solution of choice. If you’re the victim of a security incident, the best way to remedy that will be to erase the contents of your device and reinstall the operating system.