Incoming Freshmen: Protecting your devices and data
July 24, 2018
Phil Johnson
Share |
Sign with the words Computer Security
Image: Phil Johnson

Be sure to sure read our earlier article for incoming freshmen: Creating an MIT online identity

You’ve gotten into the most prestigious technical institute in the world – a huge accomplishment! Sadly, though, MIT is a prime target for hackers and scammers. Here are some essential steps that you should take to keep your computer, data, and personal information safe.

Create strong, unique passwords

The most basic level of security is your password. Since your Kerberos account is used to access a wide range of MIT applications and services, such as email, Athena, and WebSIS, choose a Kerberos password that is as strong as possible and don’t use it for any other account.

Using the same password for multiple sites is never a good idea; if a hacker learns that password, they can potentially access other websites and accounts in your name. Information Systems and Technology (IS&T) recommends creating strong and unique passwords for each online account you create.

Read more about strong passwords and Kerberos password requirements in the IS&T Knowledge Base (KB).

Use a password manager

Keeping track of all those different, complex passwords can be hard. That’s where a password manager comes in.

IS&T offers LastPass Enterprise to MIT community members for free. LastPass remembers all of your passwords for you and can generate original, secure passwords. A master password and Duo multi-factor authentication are required to access your account’s password vault. All of your passwords are encrypted before they are stored on LastPass servers. The KB has a guide on how to sign up.

Run anti-virus and enhanced malware protection software

IS&T recommends that you run anti-virus software on your computer, which can detect malicious files and alert you if any are found. IS&T offers Sophos Anti-Virus at no charge; you can download the program from the department’s Sophos Anti-Virus page. Installation instructions are available in the KB for Linux, Mac, and Windows.

In addition to Sophos, IS&T offers and recommends installing CrowdStrike, which provides an additional layer of protection by looking for bad behaviors instead of just known bad files. Key activity is logged to a central repository where it is analyzed for anomalous or suspicious activity using CrowdStrike’s machine learning algorithms. Suspicious behavior is reported to IS&T’s security team, whose members then analyze the threat and take action if necessary.

You can download this software from IS&T’s CrowdStrike Falcon Host page for free. Installation instructions are available in the KB.

Back up regularly

Backing up your computer regularly and automatically is highly recommended. IS&T offers CrashPlan, a cloud-based backup solution. In the event of an unexpected loss of data, you will be able to restore your files from the cloud. This service is free to members of the MIT community.

Go to IS&T’s CrashPlan page to download the software, then select “New Account” and login with your Kerberos user ID and password.

Once that’s done, CrashPlan will automatically back up all your data. It will continue to run in the background once the initial backup finishes, ensuring that new files and changes are saved to the cloud.

Encrypt and tag your devices

To further protect your devices, IS&T recommends implementing whole disk encryption to safeguard everything on your computer in case it is lost or stolen. You’ll notice no difference in performance once your computer’s data is encrypted. For more information, see IS&T’s Encryption page.

Laptop tagging and registration is a free service for MIT community members, offered by IS&T with the support of the MIT Police. A STOP plate on a lost laptop or tablet can help return it to its rightful owner. The plate also works as a visual deterrent for thieves looking to quickly resell equipment. The plates are difficult to remove because of the use of superglue, but if thieves are successful at removing it, a “tattoo” stating that it is stolen property is left behind.

It’s also a good idea to get a cable and lock for your device. Read more here about property loss and recovery.

Do it before you arrive

When you take all of these security precautions, you’ll be well protected from data loss or corruption. It’s a good idea to implement as many of these protocols as possible before you arrive on campus, so you will be ready for hackers, phishing schemes, and thieves from day one. Better safe than sorry!

Keep an eye out for more blog posts to help you and other incoming freshmen get ready for MIT, and feel free to contact IS&T’s Service Desk with any computing questions.