Online Safety & Security

Safe computing means being appropriately informed about the security implications of our digital choices: what we click, where we go, what information we give out, how we keep information safe. You don’t need to be an expert to learn some safe computing skills that can reduce your risk and give you more control over your digital space. This page covers four important skill sets: Securing your device, email security, safe browsing, and password management.

Device security

• Updates are the single most important security protection in your digital life. If you change one behavior after reading this, it should be to update your devices and installed apps diligently. The best case is to set updates to occur automatically.

• Anti-virus software is needed on all major devices, including Apple computers.  Note that this is just one of several critical security measures: anti-virus protection is not a cure-all, but it is essential. Fortunately, there are plenty of great, free antivirus software options available, and they mostly run in the background.

• Password protecting your device isn’t just about preventing physical access to the device, it also helps protect against remote attacks and from rogue software. 

Email security

• Gmail 2-step verification is an extra layer of security on your account. Periodically, you’ll encounter a second authentication request when you log in, like entering a one-time code sent to your phone. 2-step verification can be set up for your Oxy email account. While 2-step verification isn’t a security guarantee it does make accounts drastically more secure, especially from remote attacks. 

• Phishing is the most common form of cyberattack. Use caution when opening emails you weren’t expecting. Verify that the request within the email is legitimate before providing any personal information. Do not follow any links unless you trust the destination, or open any attachments unless you are absolutely sure what they are about and who the original sender was. See our phishing page for more information.

Safe browsing

• Intentional browsing means only visiting sites that you’ve evaluated to be safe, as opposed to following a maze of ads and posts. Similarly, manually navigating to a site’s main landing page is safer than relying on, say, a random emailed hyperlink. If you’re unsure about a link, Google’s site status page will analyze it for you.

• Exercise reasonable suspicion The internet is not an inherently safe space. Here are some warning signs that should make you suspicious:

  • You get an unexpected email that urgently needs you to do something. See our phishing page for more information and what you should do. 

  • Your browser is using a different search engine than Google, Bing, or other known, legitimate service. Instructions on changing it back.

  • Your browser warns you that a site isn’t safe. Don’t go to that site.

  • Your email service warns you about a specific email. Report it to ITS (helpdesk@oxy.edu) and reach out to the sender outside of email.

  • A tech support service contacts you unexpectedly. Call ITS at x2880 or the company calling you via a phone number on their web page.

  • The site you’re visiting raises pop-up windows, background windows, or additional tabs. Stop using this page and check Google’s site status page to make sure it is legitimate.

  • The site you’re visiting goes through several redirects before loading your final destination. Ensure the URL still starts with a recognizable term.

  • The site you’re trying to visit isn’t the one that’s delivered. Do not visit that site.  Close the tab.

  • You’re asked for sensitive information on non-encrypted sites (i.e. those sites without addresses beginning “https” or that don’t display a lock-icon in your address bar). Don’t enter any private information. Start browsing again from a known page.

• Form a baseline of “normal” behavior for your computer, so that you’ll recognize when something is off. This means noticing what an OS prompt looks like, what your browser’s default homepage looks like, etc. Attacks will often attempt to impersonate a service you trust but fail to get it just right: the font, language, styling or behavior may be slightly different from the real thing. This is your clue to exercise greater care or seek help. When in doubt you can always call ITS at x2880.

Password Management

• Password managers are tools that store your passwords in a high security vault. Many password managers integrate with your browser, allowing them to fill in passwords, store new or changed passwords, and generate random passwords. When you use a password manager, the number of passwords you need to remember sharply decreases, freeing up some mental space for better passwords for your most important services. LastPass and 1Password are two popular choices—both services have a good free options. 

• Picking a new password can be hard. Often we choose weak variations on existing passwords. ITS recommends a complex password or using the passphrase method, where your password is 3-5 random words without special contortions like word substitution. This makes for strong, memorable, unique passwords. A longer (>16 characters) simpler password is better than a shorter (<8 characters), more complex password.

Additional Information:

• https://staysafeonline.org/
• https://www.fightcyberstalking.org/
• https://www.us-cert.gov/ncas/tips/ST04-013
• SANS Tip of the Day
• SANS Monthly Newsletter