Common Best Practices

These items should be performed once:

• Configure your operating system to automatically download and install the latest updates.
  • Browse to Start > Settings > Control Panel > System.
  • On the Automatic Updates tab, select the check box next to Let Windows keep my computer up-to-date.

  Apple OSX users should install security updates when prompted by “software update,” or by visiting http://www.apple.com/support/downloads.

• Ensure all computers you use or control have an up-to-date, supported antivirus software installed.   
  • For home computers, or Purdue work computers not supported by an IT service, download and install McAfee VirusScan.
  • There are many other acceptable antivirus solutions commercially available.
  • Whichever solution you use, be sure you are subscribing to the service on an ongoing basis, and that your software updates itself frequently.
• Turn on your Windows XP Internet Connection Firewall:
  • For more information about using ICF, see: http://www.purdue.edu/securepurdue/docs/icf.pdf
• Install and use a reputable anti-spyware program.   
  • While there are many anti-spyware programs available, Webroot Spysweeper and Spyware Doctor are two anti-spyware programs that come highly recommended by industry experts.

  Several of the most popular options are Webroot Spysweeper, Ad-Aware, and the Microsoft Malicious Software Removal Tool.

These items should be performed every day:

• Make sure the McAfee icon in your system tray looks like this:   
  
  If it does not, you may have a problem. Contact your IT help service.

These items should be performed every week:

• Run a complete scan of your computer using both McAfee and your chosen anti-spyware software.
• Check your browser history.   
  • In your browser, click the history button or press ctrl+h.
  • Examine the last few entries. If they are not sites you've visited, an investigation needs to explain how and why these sites were accessed.

These items should be performed every month:

• Check the SecurePurdue Web site for the latest updates and patches to McAfee VirusScan, or check the Web site for whichever antivirus software you are using..

These items should be performed every quarter:

• Change your password every 120 days.
  • Make sure you use well-formed, secure passwords. Visit the password guidelines page for help creating a password that is difficult to guess, yet easy to remember.

These items should be performed always:

• Open email attachments only if you are expecting them from people you know.   
• Always use strong passwords, and keep them secret.
• Never click on links in an email, even if they are from someone you know. Type the address in your browser window instead.   
• Never check your Purdue email account on a “free” or “public” Internet kiosk or Internet Café.   
• When off campus, access Purdue directories only through VPN.   
• Lock your keyboard when you step away from your computer for even a moment. A quick stroll down the hall is plenty of time for someone to slip in and read your information. Or worse. To lock your Windows computer, press and hold the Windows logo key and press ‘L’.
• If possible, close and lock your office door when leaving your computer.
• Never store sensitive personal information such as your bank account information or Social Security numbers on your computer.
• Do not open files sent to you in Instant Messaging (IM) or peer-to-peer (P2P) programs.
• Do not set your computer to automatically log in.

For a more detailed and complete listing of security expectations, read the Security Checklist.