Safe Computing

Information security resources for both personal and Princeton computing.

Information Security Policy

All students, faculty, and staff should familiarize themselves with Princeton's Information Security Policy.

Secure your devices

Apply vendor software updates
  • When vendors release updates, hackers can determine how to break into systems that have not been updated. 
  • Your device’s operating system and application programs should be configured to apply or notify you of automatic updates when available.
Run up-to-date antivirus software
  • Your antivirus software should be configured to apply updates automatically and as frequently as possible. University-managed devices have antivirus software installed.
Confirm the security of software or mobile apps before installing
  • Check with the Information Security Office (infosec@princeton.edu) to determine if the software is recommended for University use. 
  • For personal software, read product reviews and download software from reputable sites (e.g., vendor websites, official app stores).
Limit other systems’ ability to access your devices

The following is applicable to personal and University-unmanaged devices:

  1. Restrict network access to your system, especially on a public or home network (e.g., set up your system to not be discoverable, not share network folders, and not accept remote desktop connections). 
  2. Use firewall software and/or hardware to prevent other computers from accessing your system.
Avoid doing everyday work using an account with administrative privileges
  • Set up your day-to-day account with user-level privileges (University-managed devices are set up this way). Since user-level accounts typically cannot install software, viruses cannot be installed and executed on your system unless the administrator ID and password are entered.
Lock unattended devices
  1. Anyone who can access your unlocked device can do whatever you can do on your system, so:
    1. Set an automatic screen lock to 15 minutes (or less) of inactivity. 
    2. Manually lock logged-in devices whenever they are left unattended. 
    3. Use a cable lock on portable devices.
Wipe your devices before discarding, donating, or repurposing.
  • Deleting a file does not actually erase it. Systems delete files by marking the storage space the file occupies for reuse. Until that space is reused, the data is still there. For more information on data destruction services at Princeton, see knowledge base article #9913.

Secure remote learning, teaching, & working

Keep a clean machine

If you’re using a personal device for business, follow the instructions outlined by the Information Security Office.

  • Keep software up-to-date, including antivirus software
  • Enable a firewall
  • Install operating system patches
  • Visit the ISO’s position paper for helpful links
Connect securely
  • Secure your home network.  For help, see the ISO’s webinar and handout on securing your home network.
  • Take advantage of Virtual Private Network (VPN) technology, which improves security by encrypting all data passing between your devices and the organization providing the VPN service. This service is required to access a number of University services from off campus. It can also be useful by providing additional protection when connecting to public wireless, like in a coffee shop. To learn how to configure your VPN at Princeton, visit knowledge base article #6023.
  • Use eduroam secure wireless where it's available on campus and in other locations (eduroam is an international service).
Secure videoconferencing
Always be on alert for scams

Always be on alert for scams, specifically phishing (through email) and vishing (by phone).  Remember to visit the University’s Phish Bowl for the latest phishing alerts.

More information about remote working, teaching, & learning

Secure your data

Know the sensitivity of data
  • Information is considered sensitive if its exposure to unauthorized individuals would cause financial or reputational loss, including information that: 
    1. Can result in identity theft, such as social security numbers, account numbers, driver’s license numbers, birth dates, passwords, etc. 
    2. Is protected by law or contract, or would pose any other risk to the University, if exposed. 
  • Without understanding the sensitivity of the information held on your devices, you may inadvertently make sensitive information available to unauthorized individuals. Visit the Protect Our Info website to learn about the administrative data classifications at Princeton:
    1. Restricted
    2. Confidential
    3. Unrestricted within Princeton
    4. Public
  • Visit the Princeton Research Integrity & Assurance website to learn about research data classifications:
    1. Level 1 - Benign information about individually identifiable people
    2. Level 2 - Sensitive information about individually identifiable people
    3. Level 3 - Very sensitive information about individually identifiable people
Explore storage options

For a list of storage options available at Princeton, visit: 

Control access to sensitive data
  1. Always ensure that individuals to whom you give information are properly authorized. 
  2. Make sure that, for any files and folders containing sensitive data, you indicate who specifically can access those files and folders and what they can do (e.g., read only, update, delete). 
  3. Beware of individuals using social engineering techniques to gain your confidence and trick you into giving away personal information or access to data. 
  4. Review your privacy settings on social media sites. Information you share could be used to steal your identity or be viewed by a prospective employer, etc.
Encrypt sensitive information when transmitting it over a network
  1. Unencrypted, sensitive data can be viewed when it travels across the internet or is transmitted over an unsecured wireless network.
  2. When you send sensitive information to a web application, look for a lock icon displayed on your browser. It tells you that the traffic is encrypted. 
  3. Be careful when your browser shows that the identity of the target website cannot be verified (also known as a certificate warning). It may be a counterfeit site.
  4. Virtual Private Network (VPN) technology improves security by encrypting all data passing between your devices and the organization providing the VPN service. This service is required to access a number of University services from off campus. It can also be useful by providing additional protection when connecting to public wireless, like in a coffee shop. To learn how to configure your VPN at Princeton, visit knowledge base article #6023.
  5. Use eduroam secure wireless where it's available on campus and in other locations (eduroam is an international service).
Encrypt sensitive data on your devices
  1. If you store sensitive information on your computer, mobile device, or storage medium, encrypting your information reduces the risk of it being exposed if the device is lost or stolen. 
  2. Ask your IT support person or the OIT SOC at (609) 258-HELP for recommended encryption products.
Do not use email to exchange or store sensitive information.
  1. You should assume that any email message sent to or received from an off campus address is at risk for exposure. 
  2. If you must send or receive sensitive information via email, use secure file sharing methods. For more information, visit the Send Files Securely webpage.
Use discretion when surfing the web
  1. Be suspicious of unsolicited web messages, warnings, popups, and free services.
  2. Avoid unknown or questionable websites. 
  3. Before clicking a link, view the website’s address by passing the cursor over the link (but not clicking). The website address that displays should point to a site name that you expect. 
  4. Use incognito browsing when conducting web searches of a sensitive nature.
Beware of the phishing threat
  • Phishing is a scam that tricks you into providing personal information while pretending to be from a legitimate institution or someone you know.
  • Reputable organizations do not ask for personal information.
  • Be discerning when clicking links or attachments. 
  • If you receive a suspicious message to your princeton.edu email, see if it has been reported to The Phish Bowl. If the suspicious message has not been reported, forward to: phishbowl@princeton.edu.
  • For additional information, visit our phishing information webpage.

Lock down your login

Create long, strong, and unique passwords
Use an encrypted password manager
  • Use an encrypted password manager to generate, remember, organize, and fill in your passwords. Princeton offers LastPass password manager accounts to students, faculty, and staff for free. For details, visit our LastPass webpage.
Enable two-factor authentication
  • Add another layer of protection to your accounts by using two-factor authentication (2FA), also referred to as multifactor authentication (MFA). You are required to use DUO two-factor authentication to access many Princeton resources. View knowledge base article #1207 to get started.

  • Note that DUO is an independent, third-party application and can be used to secure many personal accounts. Visit TwoFactorAuth.org to view a list of websites that offer 2FA, and visit TurnOn2FA.com to learn how to set them up.

Learn about reporting incidents
