5 tips for data security at home
Protect the Trojan community – keep cybersecurity in mind. Follow these five tips – they apply in the office, and at home:
Never share your UserID and password
Use a strong and secure password or passphrase for all of your accounts to stay safe online. Never share your password with anyone – that’s giving that person the authority to use your identity and act on your behalf.
If you receive an email from someone claiming to be a USC staff member and asking for your password, do not respond. A legitimate administrator or IT support person will never ask for your password.
Note that while you’re away, you can share email or calendar information with someone by delegating access – without sharing your user ID and password.
Use a Password Manager to protect your passwords
Password managers (such as 1Password and LastPass) can prevent password-reuse attacks, in which attackers break into a website, compromise users’ email addresses and passwords, and try to use the stolen information to login to other sites. These attacks are typically successful because many people re-use the same username/email and password combination on multiple websites. Once you’ve replaced all your old, re-used passwords, password managers make it possible and easy to use a different random password for every account and synchronize across all your devices.
Need help creating a strong password/passphrase? See this TrojanSecure webpage.
Use two-factor authentication for an extra layer of security to your online accounts
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify their identity (an example is USC’s Duo system). This process better provides a higher level of security than single-factor authentication, in which the user provides only one factor – typically, a password or passcode. 2FA methods rely on a user providing a password, as well as a second factor like a security token or biometric factor (such as a fingerprint or facial scan). Obviously, the more hoops an attacker has to hurdle to access your devices or online accounts, the less likely it is to happen.
This website contains information on websites that support 2FA.
Be mindful of how you use and share sensitive data
Personally Identifiable Information (PII) is any data that can identify a person. PII includes unique identifying data such as medical records, Social Security number, driver’s license number, financial accounts, email addresses, login credentials and passwords, addresses, phone numbers, and birthdate.
Safeguarding PII is a critical responsibility. The loss of PII can result in substantial harm to individuals, including identity theft or other fraudulent use of the information. You should not collect PII unless your specific job responsibility requires you do to so. Likewise, only access or use PII when you need that information in the course of your official duties. Minimize the sharing of PII to reduce the risk of a privacy breach.
Consider when it’s best to log off or lock your computer
If you walk away from your computer while it’s unlocked or logged in, you risk compromising your personal information or account. The easiest way to prevent unauthorized or even inadvertent access to your desktop, in any setting, is to log off or lock your computer when you are away. What’s the difference?
- Logging off of your computer ends your session and programs and documents will be closed. Log off when you will be away from your computer for a while, but will return. This allows for a faster start-up time compared to a shutdown and allows for software updates to process while the computer is unattended.
- Locking your computer keeps your programs running and documents open but brings up the login screen when you return to use your computer. Lock your computer if you will be away for a short amount of time. This is the quickest and easiest way to secure your computer and access your desktop when you return.
Please follow your school/department best practices and guidelines for logging off and locking your device.
Properly secure USC’s data – at work and at home – to protect the entire Trojan Community including fellow employees, students, patients, parents, alumni, and vendors. For questions about data security or to report a suspicious email/text or account compromise, email firstname.lastname@example.org. For additional tips and resources visit trojansecure.usc.edu.