Follow these guidelines to help keep your information secure.
Keep devices and software updated
- Regularly check your devices and software for available updates and install them when they are available. These updates often contain patches for critical security vulnerabilities. For even better security, you can set your devices and software to update automatically, when possible, so the updates will be applied even when you forget to check.
Use strong and unique passwords
- Use long and unpredictable passwords for each of your accounts, and be sure each account has a unique password. Passwords should NEVER be reused across more than one account. Enable multi-factor authentication (MFA or 2FA) on all accounts that support it. Using MFA greatly reduces the likelihood of an account breach. Pay particular attention to securing the email accounts that you use for recovering passwords. If a criminal obtains access to an email account that is used to recover passwords for other accounts, the criminal may be able to gain access to your accounts on all of those systems as well.
- Familiarize yourself with common phishing tactics and have a plan for what to do if you believe you are being targeted for phishing or fraud. NEVER click on links in emails. Instead, attempt to locate the information you are seeking using other methods like searching official websites. You will find more information about avoiding phishing attempts on the Office of Information Security’s website at the following link:
- Make sure your mobile device is encrypted
  - On iOS, your device is encrypted if your passcode lock is enabled. If your iOS device asks you to enter a passcode to unlock it, encryption has been enabled.
  - On Android, newer versions (Marshmallow and later) will have encryption enabled by default. Please be sure to set a passcode lock to complete the process of securing your device.
  - For older Android devices, you will still need to enable the passcode lock on the device, but you will also need to visit the ‘Security’ options in the global settings app. There, you will find an option to enable encryption for your device. Please note that the process can take a couple of hours, so we suggest doing it at a time when your phone can remain plugged in and available until encryption is complete.
- Make sure your computer is encrypted
  - On macOS, open ‘System Preferences’, then select ‘Security and Privacy.’ At the top of that window, you should see an option for ‘FileVault.’ To encrypt your device, make sure ‘FileVault’ is turned on.
  - On Windows, an application called BitLocker handles encryption. For step-by-step directions for enabling BitLocker on your Windows machine, please see the link below.
  - Better Protection with Encryption | Office of Information Security | Washington University in St. Louis
  - Encryption | Office of Information Security | Washington University in St. Louis
- Avoid using public wifi whenever possible, and be sure NOT to transmit sensitive information while on a public wifi network. If a public wifi network doesn’t have any security (like a password) or a login portal (like you see when a network redirects you to an official site to enter credentials before gaining access) then the network is unsecured. You should avoid using these networks whenever possible, and you should never use them to transmit anything sensitive or personal like bank accounts or credit card information. It is a best practice to avoid transmission of any personal data over any public network, but this is particularly important for unsecured public networks.
Secure your devices
- Never leave devices unattended and unlocked. Be sure to log out of or lock user accounts before walking away from your devices. Your WashU account information shouldn’t be shared with anyone, including family and friends.
Avoid posting private and contact information in public places
- Be very careful where you post any personal or contact information on the internet. Criminals often use this sort of publicly posted information for direct attacks or to build an impersonation attack that targets the colleagues, friends, or contacts of the person with the published contact information.