Information is at the heart of any University, and Harvard is no exception. We create it, analyze it, share it, and apply it. As you would imagine, we have an expansive information technology infrastructure to support the mission of the University. These massive data sets, powerful infrastructure, and the reputation of the Harvard name makes the University a target of cyber criminals. There are many things we do to protect the University, but it is important to remember that “Security isn’t a service, but a goal we work to achieve together.” In these few minutes, I would like to focus on four behaviors that will improve your cyber security, both at work and at home.

With cyber security in the news, from retailer credit card theft to government record breaches- it can seem like there is nothing you can do to stay secure. If that’s how you feel, I would ask you to consider this. Every day, most of you get sit in a metal box and accelerate it to 60 miles an hour. Perhaps faster, for some of you. Driving seems inherently unsafe, and much of it is out of your control. However, a few small actions such as seatbelts, keeping alert, and avoiding distractions make a huge difference in your personal safety. In the same way, the internet can be very unsafe- but there are four small actions you can take that will make a big difference to you internet security. Lets go through them now.

Click Wisely Click only links and files that are expected, and only from people you trust. First, Click Wisely. I’m sure you’ve gotten phishing emails, bogus emails designed to trick you into clicking a link or opening a file. Don’t fall for them. Instead, only click links or files you were expecting- and only from people you trust. Read URLs closely and be suspicious. If you see a phishing email that looks like it was targeted at Harvard, using our logos or branding- please report it. It will help us limit the potential damage.

Use Strong Passwords Create passwords that are unique and hard to guess. Use 2-step verification where available. Next, Use Strong Passwords Picking a password that is hard to guess but easy to remember is very difficult. It gets harder when you have to create a new one for all the dozens of accounts you have. We have some guidance on how to make strong passwords on our website, but the best advice I can give you is to use a password manager. A password manager will keep track of all your passwords for you, and you only have to remember one. One strong password is definitely better than dozens of bad ones. Good password managers use 2-step verification- meaning you have to know something, like your password, and have something, like your phone, in order to get into your account. It’s the single most powerful thing you can do to protect your accounts, and its available for many services like Google, Apple, Facebook, Twitter, etc. *Update for Harvard Key and LastPass when available

Apply Updates Set your software to auto- update. Install updates, and restart if needed. Next, Apply Updates. You know how your phone and computer is always asking for updates? Most of the time those updates are to address a security problem. You’re not the only one who sees those updates, the bad guys do too. Once an update is out there, its like a race to see if you can apply the update before a cyber criminal can use it against you. So, whenever possible, leave automatic updates on and make sure to restart your computer at least once a week so those updates can take effect.

Know Your Data Follow the policy to secure sensitive data. If you don’t need it, delete it. Finally, Know Your Data. Not all information is the same. Some of it is supposed to be public and shared with the world. Some data you work with, however, is sensitive and needs to be handled differently. How you handle it depends on what it is, and what you’re doing with it. To make sense of it- we have an information security policy website that will help you identify what information you have and how to protect it. The most important thing to remember is this, delete data if you’re not using it. Lost or stolen devices are a problem, and lost or stolen data makes it so much worse. The best way to avoid lost or stolen data is to not keep copies of it.

Report Harvard phishing Check URLs Report Harvard phishing 2-Factor Password Manager Enable Automatic Updates Weekend shutdown So to review. Click Wisely: Read the links closely and be skeptical because phishing is a very common thing you should be expecting. If it looks like its from Harvard, but is actually a phish- report it. Otherwise, just delete it. Use Strong Passwords Create strong passwords with no personal information like names or hobbies Use a Unique password for every account, if you have too many accounts then use a Password Manager to accomplish this. Turn on 2-step verification where you can, its available for most accounts and you can find it in the security options. Apply Updates Turn on automatic updates and leave it on. Don’t put off those updates when they are offered. Know Your Data Understand the data you’re handling and how to protect it, the guidance is all at policy.security.harvard.edu Don’t keep copies “just in case”, delete it if you don’t need. Keeping safe online isn’t hard. You can protect yourself from almost everything you encounter by practicing these behaviors. Delete old data policy.security.harvard.edu

security.harvard.edu To get more details about these behaviors, using services securely, and all the services we can offer- visit security.harvard.edu. We are happy to help with anything related to information security.