By following a few basic rules, users can help reduce security risks, keep the Institute’s IT infrastructure running efficiently, and generally make the best use of shared IT resources.
Note that the Institute’s IT Services will never send you an email asking for passwords under operational, maintenance or security pretexts.
How to reduce security risks
Often, the safest procedures are not necessarily the most convenient ones, but they can reduce the risk of data loss, computer viruses, and online scams.
Logins, passwords and secured connections
- Choose strong passwords for your accounts. Passwords should be at least 8 characters long, with a mix of numbers, upper and lower-case letters and special characters;
- Passwords should be easy for you to remember without being obvious for someone else to guess. Passwords should not be words found in a dictionary;
- Never write down your passwords. Think of a way to remember them;
- Periodically change your passwords;
- Never give out information about your username and password to anybody. Especially do not answer emails, purportedly sent from a legitimate source, that claim the presence of an emergency security problem and ask you to send your username, password or other personal data;
- If you need to step away from your computer, use the “lock” feature by pressing “Windows Key + L”. However, please be respectful of other users and do not leave public workstations locked. If you need to leave a public PC for an extended period of time, please do log off so that others can use the computer. The Service Desk staff periodically logs off inactive users, which can lead to loss of data if you have left your workstation unattended;
- Do not install or run software obtained from dubious sources such as BitTorrent;
- Make sure you are using anti-virus software that is up-to-date;
- Regularly install updates for your operating system;
- Unknown computers and/or computers without anti-virus protection could be infected by computer viruses and in turn infect any USB key that is plugged in. Always save important documents on multiple USB keys/drives or email them to yourself to guard against the possibility of a single storage device becoming infected or corrupt;
- Suspicious email messages and attachments should be deleted immediately, without ever being opened.
- Do not click on unknown links in emails;
- When you click on a link that leads you to a login page, always verify that you are using the correct address of the login page.
There are often combinations of circumstances that lead to the loss of one’s important data or an entire hard disk. Backups can reduce the damage caused by such loss.
- Back up your data: USB drives are readily available and provide a cost-effective means for that;
- There is more you can do. For example you may want to encrypt confidential files, the content of USB keys.
As the number of public workstations is limited, please follow the rules below as a courtesy for the IHEID Community:
- Computers in the lab are intended exclusively for academic work;
- Keep socializing and conversations to a minimum to avoid disturbing fellow users. In particular, avoid making phone calls from the Computer Labs;
- Treat the IT equipment with the care you would give your personal property;
- Each person authorized to use the Institute’s computers has a personal IHEID IT Login (with the exception of Executive Education participants who use their Business Center). Never give out information about your username and password to anybody. You will be held responsible for any costs incurred as a result of possible misuse of your account by anyone with whom you have shared your login information, including printing fees. No requests for refunds will be accepted in such scenarios;
- Keep in mind that it is illegal to download copyrighted material without proper authorization from the copyright holder. If you violate this policy, your IHEID IT Login will be suspended and both your Programme Director and the Head of Administration will be informed;
- Use of peer-to-peer (P2P) software, is strictly prohibited. If P2P software is required for your studies, please contact IT Services to get the appropriate authorization. If you violate this policy, your IHEID IT Login can be temporarily suspended and both your Programme Director and the Head of Administration will be informed.
IT - Contact email / 259 - MCS - v1.10 / 10.09.2014