Information Security

Information Security

This web site is provided by the Swarthmore College Information Security Committee.  Martin Warner, registrar, is chair.  All comments are welcome.

Phone and email security

Beware of email asking for passwords or other personal information.  Such email often appears to be from a trusted source -- but isn't.  Swarthmore ITS will NEVER ask you for your password by email.  Banks would not ask you this way, either.  Don't fall victim to this threat, called "phishing."

By phone or email, someone may request sensitive data while claiming to be a student, an alumnus, or a technology help desk worker. At these times it is vital that we verify that the person really is who they claim to be.

Never open emailed attachments or URL links you get by email unless you are expecting them or completely trust them. Attachments and URL sites can contain harmful viruses. Remember that the sender's name can be forged or spoofed.

Workstation security

Lock your door(s) each time you leave your office. Close and lock your windows each evening.

"Lock" your computer when you leave your desk. For PC's press CTRL+ALT+DELETE at the same time then click on Lock Computer. To unlock your computer, press CTRL+ALT+DELETE and enter your password. For Macs, set the computer "system preferences" "security" to require a password to awake it from "sleep" and always put it to sleep when you leave your desk.

Do not download software such as screensavers, games, or other programs from unverified sources.

Shut down the computer every night.

Shred and purge documents in a timely manner.

Passwords

  • Make passwords at least eight characters long
  • Do not use a user name, a real name or company name
  • Do not use a complete dictionary word
  • It should be significantly different from previous passwords
  • It should contain characters from each of the following groups:
    • Uppercase and lowercase letters
    • Numbers
    • Symbols (!,@, #, $, %, etc.)

Do not enable the Save Password Option. Make it mandatory for you or someone else trying to access your computer, to enter your password on all applications.

Don't share your passwords with supervisors or co-workers.

Laptops

Laptops should not contain on their hard drives personally identifiable client data or saved passwords.

Never leave a laptop (even inside a laptop case) in a public area. Always take it with you or lock it up in a concealed, secure place.

Taking files home for work

Consider the security of private documents at all times.

Third party contractors

Before providing any confidential information to third party vendors, get their security policies in writing for approval.