Good Security Practices to Adopt at Work/School, and at Home

Separate Work/School and Home.

Avoid using your UNH email address as your username for any personal accounts and never use your UNH username as the username for a personal account.  Keeping a clear separation between your UNH username, password, and email and your personal accounts, usernames, passwords, and email addresses helps protect you, and the University.   

Use Strong Passwords.

  1. Make your password a sentence or passphrase instead of a single word.  
  2. Do not use single dictionary words for your password, even if you use symbols and numbers (examples: freed0m and fr1endsh!p)
  3. Use 8-15 characters that include uppercase and lowercase letters, numbers, and symbols. 
  4. Avoid familiar password construction patterns which often have a capital letter first and include numbers and symbols at the end like Aloha11! or include the number at the beginning and symbol at the end 11Aloha!.
  5. Avoid using iterative passwords like Aloha01!, Aloha02!, Aloha03!, etc.

An example of a strong password is a sentence that contains at least 12 mixed characters and is easy to remember.  For example, if you chose "my dog is named Rex" as your passphrase, you can create a very strong password by eliminating the spaces and replacing some letters with numbers and symbols “myd0g!snam3dR3x”.

Use Unique Passwords.

Using a separate password for every account is your best defense. At a minimum, you should separate your work and personal accounts, using a personal username (not your UNH username or email) and a password that is different from the one you use at work for all personal accounts.   Make sure that you are using strong, complex passwords on your most critical accounts like those used for online banking, managing credit cards, etc.

Avoid Easily Guessed Password Selection Methods

Using a password selection method that is easily guessed or decoded by cybercriminals makes it easier to break into your account, even if you are using a strong, unique password.  For example, if you use John1974! for one account, J0hn1974! for another account, and jOHN1974! for a third account – you may be following basic guidelines for creating strong, unique passwords, but your accounts will still be easy to compromise for experienced hackers.

Use a Password Manager.

Password Managers, like LastPass and Dashlane, allow you to have unique, strong passwords for each account without making you remember each individual password.  These tools remember your password for each online account and you only need to remember one "master" password .   See Password Managers 101 for more information on this kind of tool. 

Use Second-Factor Authentication Whenever it is Available.

You can further protect yourself by using the strongest method of authentication available on each site/application you access because your username and password may not be enough.  Multi-factor authentication options like biometrics, security keys, or the use of a unique one-time code through an app on your mobile device make it harder for unauthorized users to access your accounts.

For more information on SmartAuth, UNH's multi-factor application, see: https://www.unh.edu/it/kb/article/smartauth-usnh-multi-factor-authentication-service.html

Be Skeptical of Every Email, Every Link

If you don’t know the sender, didn’t request anything from that company, or think something looks suspicious, don’t open it, don’t click it, just delete it.   Emails can contain malware that will automatically download when you open the email.  Emails and social media posts can contain links that take you to malicious websites looking to steal your personal information.  

Keep Software Current.

Having the latest version of all  the software and applications you use is the best defense against viruses, malware, and other online threats.  This includes your web browser, operating system, mobile device operating system, and anti-malware/anti-virus/security software.  Also ensure you are accepting updates from third-party applications like Adobe Acrobat Reader, Adobe Flash Player, Java, and Microsoft Office applications  as outdated versions contain vulnerabilities that are frequently exploited by cybercriminals.

Resources

https://staysafeonline.org/stay-safe-online/keep-a-clean-machine/hacked-accounts

Custom Fields
  • Author: UNH Information Security Services
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
Tips to Avoid Malware
Viewed 1133 times since Thu, May 7, 2015
How to Determine if Your Windows Device is Automatically Updating
Viewed 509 times since Thu, Nov 2, 2017
Find sensitive data before the bad folks do!
Viewed 1012 times since Mon, Jun 27, 2016
ESI: Electronically Stored Information Procedures
Viewed 1838 times since Wed, Apr 29, 2015
UNH Server Best Practices
Viewed 1467 times since Fri, Jun 12, 2015
PCI DSS - Payment Card Security
Viewed 1872 times since Thu, May 7, 2015
FAQs- System Center 2012 Endpoint Protection, Microsoft Security Essentials, and Windows Defender
Viewed 4274 times since Wed, Aug 12, 2015
Encryption & Virus Protection
Viewed 2954 times since Wed, Apr 29, 2015
Red Flag Rule - Identity Theft Prevention
Viewed 1873 times since Thu, May 7, 2015
System Center 2012 Endpoint Protection Windows Usage Instructions
Viewed 3296 times since Wed, Aug 12, 2015
MENU