Top 10 Security Best Practices

Below is a list which may help keep you safe and your computer secure both online and offline. We are all at risk and the stakes are high - to your personal and financial well-being, and to the University's standing and reputation. If you have not followed some of these tips before, this information can function as a security checklist. For instructions on how to implement these steps, visit the included links or contact the IITS Help Desk.


1. Software

Only install applications, plug-ins, and add-ins that are required. Every time you install something you are also installing all of that software’s vulnerabilities. Be mindful of what you install and which vendors you are selecting software from. Sticking to only required software from well-known sources is an easy way to reduce risks.

2. Updates and Patches

After installing, update! Failing to install updates and patches can leave the door open for malware to infect your device.  Most major developers are very responsive with security updates and patches and work hard to get them out very quickly to fix exposed vulnerabilities. Make use of their efforts; update your device OS as well as any applications or add-ins you have installed. Turning on automatic updates is recommended.  If you are Faculty or Staff, ensure that you are a member of the IITS Managed Desktop environment and we’ll take care of it for you!

3. Anti-virus

Install, frequently update, and regularly scan using anti-virus software.  For personally owned Windows machines, Microsoft Security Essentials (Windows 7 and Windows 8) and Windows Defender (Windows 10) are free and effective. For personally owned Mac’s, Avira is free and is the UofT recommended solution.For Staff and Faculty, Anti-Virus software is already part of our IITS Managed Desktop. For more information and links to software please go to the UofT Anti-Virus page.

4. Passwords

Have a password or PIN set for login to all devices; don’t leave any device password free. Choose a strong password for your services and devices and ensure they are all different from one another. Reusing a password for multiple services can cause a single compromise to spill over to all of your accounts. Change your password frequently and ensure your passwords are nice and strong.

5. Encryption

You should encrypt all of your devices. For the most part all newer phones and tablets support encryption. If you are going to be transferring any data that is not fully public on portable media such as a USB drive you should have that device encrypted.

For more information on encryption:

6. Backup

Backing up your data is a sure-fire way to protect you from the unexpected. It’s worth it to keep a few months’ worth of backed up data if you can and make sure that you can retrieve files easily from whatever backup solution you select. For staff and faculty, if you have any questions regarding backup solutions, please contact the UTSC Help Desk for information.

7. Physical Access

Don’t leave your computer or device unattended and logged in or in an unsecured area ever. Be aware of the state and location of your mobile devices at all times. If you have a mobile device it’s a good idea to have some method of locating and remotely managing your device such as Blackberry Protect or the Find My iPhone app. If you are a UofT employee you have responsibilities to limit physical access to any sensitive data you may work with, please see the UofT Information Security Guidelines for what the requirements are.

8. Firewalls

Windows and Apple computers come with built in firewalls. When configured properly they can help to protect your computer. Generally, you will always want your windows firewall turned on.

9. E-mail and Internet Safety

Beware of phishing emails that request information about you or others you may have had contact with. It’s best to exercise a high level of caution with any email that seems out of place and only open attachments from parties you are fully confident in. UofT staff will never ask for your password by email. Don’t browse websites that produce a browser security alerts and be mindful with what you download and what sites you visit.

10. Stay Informed

Make yourself aware of security issues as well as any specific polices that may apply to data in your care as part of your roll here at UTM. If you are UTM staff or faculty please make yourself familiar with the policies below.

Adapted from "Top 10 Secure Computing Tips" - UC Berkeley, and "10 Security Best Practice Guidelines" - UTM ITS.