Purchase Cyber Security
USE A STRONG PASSWORD OR A PASSPHRASE AND NEVER SHARE IT WITH ANYONE
• Use a strong password for all of your accounts – a mix of upper and lowercase letters, numbers and special characters –at least 8 characters or longer. Review the College’s Password Policy and complexity requirements at https://www.purchase.edu/reset.
• Never reuse passwords for different accounts.
• On your home computer, turn OFF the guest account - or limit access privileges for that account.
• NEVER write a password down, and NEVER share it with anyone. Purchase College will never ask you to verify your credentials or your password. Your password is your identity, and should never be shared with anyone for any reason.
NEVER LEAVE MY COMPUTER UNATTENDED IN PUBLIC LOCATIONS
• While security cable locks may serve as a theft deterrent, many have been shown to be ineffective against a determined thief.
• Never leave your computer unattended.
• If you need to leave your computer unattended in your car, place it in the trunk or in some location where it is not visible to a passerby.
• Use anti-theft software on laptops and mobile devices to help protect your data in the event of a theft.
KEEP MY COMPUTER’S SOFTWARE UP-TO-DATE
• Configure your computer to download and install system and application updates automatically. Due to the number of patches, it is quite cumbersome to manage patches manually.
• Patch software on your personal computer and check whether you are running the latest version of your browser and browser plug-ins like Java and Adobe Reader.
SAFEGUARD MY COMPUTER WITH ANTIVIRUS SOFTWARE AND A PERSONAL FIREWALL
• Configure your computer’s antivirus software to update automatically every day. New viruses are being discovered on a regular basis, which puts your computer and information at risk if the antivirus on your computer is not updated regularly.
• Most operating systems, including Windows and Macintosh OS X, have firewall software built in.
Check to ensure that this software is enabled. This will help stop attempts to break into your computer.
SAFEGUARD PURCHASE COLLEGE DATA, SUNY DATA, AND MY OWN PERSONAL DATA
• Do not store sensitive data on CDs, DVDs, USB thumb drives, and other types of removable media that can be easily misplaced or stolen. If storing sensitive data on such media is necessary, make sure that the data is encrypted.
• Be familiar with the College and SUNY policies regarding Use of IT Resources, acceptable and unacceptable uses and email guidelines. See Computer Ethics and Usage Policy.
• Perform regular backups of your data.
THINK BEFORE I CLICK
• Never open unexpected email attachments. If in doubt, verify authenticity by phone or email before opening the message or the attachment.
• Don’t get lured in by phishing emails. Learn how to recognize telltale signs of phishing emails.
• When in doubt, ask someone at CTS whether the message is a phishing attempt, or a legitimate message.
• Take the Phishing test, and see how you fare: http://www.sonicwall.com/phishing/index.html
USE CAUTION WHEN DEALING WITH EMAIL AND OTHER FORMS OF ELECTRONIC COMMUNICATION
• Avoid transmitting sensitive data via email and other insecure means of communication. If it is necessary to send sensitive data via insecure means, ensure that the data is encrypted.
• Never provide your password or other sensitive information in an email or in a response to an email. A request to do so is likely to be a phishing attempt.
TREAT MY MOBILE DEVICE LIKE ANY OTHER COMPUTER
• Smart phones, tablets, and other mobile devices are just small computers - and they suffer the same security issues as traditional computers. Your pledge to maintain cyber security applies to mobile devices and tablets too.
• Configure a password or passcode on your device.
• Install antivirus software and a firewall, if available.
• Ensure that you’re running the latest version of your device’s operating system.
• Ensure that you’re running the latest version of any applications installed on your mobile device.
• Disable or uninstall applications that you don’t use.
• Disable wireless and Bluetooth if not in use.
• Enable encryption mechanisms, if available.
• Regularly backup any data on your mobile device.
• Follow secure mobile device disposal practices.
REPORT SUSPECTED SECURITY CONCERNS IMMEDIATELY
• If you suspect your computer has been compromised, contact the CTS Help Desk at 914-251-6465 or email us at email@example.com.
• If you suspect any other type of breach in the security of Purchase College Computing resources, contact the University Police at 914-251-6911.
HELP PROMOTE CYBERSECURITY AWARENESS
• Share the Cybersecurity Pledge with your friends and colleagues.
• Raise awareness of good security practices among your friends and colleagues, and keep an eye out for poor security practices (e.g. a password written on a sticky note and in plain sight, a computer left unattended in a public location, etc.).
• Do your best to assist your friends and colleagues with cybersecurity, and know where to direct them if you’re unable to assist.
• Protect yourself from identity theft and learn what to do if your information is compromised.
The computer settings mentioned in this document are the Standard configuration for Purchase College provided desktops and laptops, and many of these settings are not subject to change by anyone outside of CTS.
Check your home computer to ensure that it also contains similar anti-malware software and configuration settings, and use STRONG passwords or passphrases for ALL of your online accounts.
We encourage you to contact CTS if you have any cybersecurity questions. You can reach us by phone at 914-251-6465, by email at firstname.lastname@example.org, or through a Work Order at https://www.purchase.edu/WOT/CTS
Campus Technology Services
Purchase College, SUNY
Work Orders: https://www.purchase.edu/WOT/CTS