Best Practices

Best practices for mitigating security risks that threaten research integrity

Passwords/Passphrases

Create strong, unique passwords and passphrases. IU recommends using a short sentence as a passphrase. Your passphrase should contain at least 15 characters (127 characters maximum). Avoid reusing passwords at different sites, as this allows hackers to exploit a breach of one site across many sites.

Two-factor authentication provides an additional layer of security when you log in at IU. This helps protect sensitive data and guard against increasingly sophisticated email and online scams (for example, phishing attacks) that can leave you vulnerable to identity theft.

Learn more about phishing attacks

Learn more about identity theft

Email

Using a security certificate to digitally sign and encrypt email is recommended for securing email communications. A digital signature is a unique digital mark that verifies that an email message originated from the signer and has not been altered since it was signed. It also shows that the message was not "spoofed" (sent by an imposter).

Learn more about secure messages with a digital signature (using S/MIME)

For sensitive email sent outside of Indiana University, the Cisco Secure Email Encryption Service (CSEES) can be used to protect certain sensitive information after it leaves the IU network.

Learn more about the Cisco Secure Email Encryption Service (CSEES)

Mobile devices and personally owned devices

Research and intellectual property created during the conduct of research typically belong to the institution. This allows the institution to meet its contractual obligations to sponsors, including the federal government. Storing or processing university research on personally owned devices is often not permissible.

Updates and patches

Keeping hardware and software current helps protect information on devices and associated networks. One unpatched device on a network can allow a hacker to gain access to the entire system. Most information technology (IT) departments automate system updates, and users who manage their own information systems should coordinate updates with their IT departments.

Updates should be installed as close to the vendor release date as possible to close known security vulnerabilities and shorten the time a vulnerable system is exposed to hackers and other bad actors.

Principle of least privilege

The principle of least privilege (PoLP; also known as the principle of least authority) is an important concept in computer security. It holds that user accounts should be granted only the privileges their job duties require. It also applies to processes on the computer: each system component or process should have the least authority necessary to perform its duties. This reduces the "attack surface" of the computer by eliminating unnecessary privileges that can lead to network exploits and computer compromises. You can apply this principle to the computers you work on by ordinarily operating without administrative rights.

Encryption

Encryption protects information by making it unreadable to anyone without the passphrase or digital key needed to decode or unlock it. Sensitive information can be protected using encryption at rest for stored data and encryption in transit for data moving across a network.