Incoming students: Secure your devices and data
July 14, 2020
Jessica Murray
Share |
Illustration of MIT students surrounded by cybersecurity symbols.
Illustration: Runming Dai

Learn about creating your digital MIT identity and computer discounts available to students in our previous article Start your digital life at MIT.

As an incoming MIT student, it is important to understand that you are now a target for hackers and scammers. In order to protect your computer, personal information, and data, Information Systems and Technology (IS&T) recommends that you take a number of precautions. All of the software and services referenced below are licensed by the Institute for use by community members at no extra cost.

Back up regularly

Backing up your computer regularly enables you to recover quickly from a lost, stolen, damaged, or compromised computer. IS&T offers CrashPlan, a cloud-based backup solution that will run in the background to automatically back up all your data, ensuring that new files and changes are saved.

NOTE: Cloud storage services like Dropbox and Google Drive are not substitutes for full system backups. Only true backup services like CrashPlan will allow you to fully recover all of the data and information on your computer in case of disaster.

The IS&T Knowledge Base (KB) has instructions for obtaining and using CrashPlan.

Enable automatic updates

One of the most important things you can do to protect your computer and mobile devices is to enable automatic updates of their operating systems and applications. Not applying critical security patches and updates can leave your device vulnerable to attack.

Encrypt your devices

Implementing whole disk encryption will protect the information on your device in case it is lost or stolen. IS&T recommends BitLocker for Windows and FileVault for Macs. For your mobile phone, enabling encryption is as easy as setting a password.

Run security software

IS&T recommends that you download and install CrowdStrike, which protects your computer by looking for bad behaviors instead of just known bad files. Certain actions are logged to a central repository where they are analyzed for anomalous or suspicious activity using CrowdStrike’s machine learning algorithms. CrowdStrike is available from the IS&T software grid for Linux, Mac, and Windows clients and the KB has installation instructions.

Running Sophos Anti-Virus software is also recommended. Sophos provides traditional anti-virus capabilities and can also block access to websites that contain malicious code. It can be downloaded from the software grid and the KB has installation instructions for Linux, Mac, and Windows clients.

Use a password manager

It is good cybersecurity practice to create strong, unique passwords for all of your accounts, at MIT and elsewhere. Using the same password for multiple sites is never a good idea; once a password is compromised, attackers will try to access your accounts on other apps and services.

IS&T recommends that you use a password manager to generate, store, and manage original, secure passwords. IS&T offers LastPass Enterprise to MIT community members, which encrypts your passwords before storing them and makes them easily accessible to you on your computer or mobile device.

The KB has a guide on how to get started with LastPass.

Use MIT’s VPN

The MIT Remote Access Virtual Private Network (VPN) enables you to connect securely to Institute resources even when you are working away from campus.

MIT’s VPN also provides you a safer way to use free public WiFi by encrypting your connection, ensuring that nobody nearby can eavesdrop on your activity. It also guarantees that you will use MIT’s domain name services and not be unknowingly directed to a rogue DNS server that could send you to malicious websites. IS&T strongly recommends always using the Institute’s VPN when on public WiFi, whether or not you need to access MIT resources.

Beware of phishing scams

MIT community members are popular targets for email scams like phishing. Attackers try to trick recipients into doing things like purchasing gift cards for them, sharing passwords through fake login pages, or installing malware via malicious attachments. Common scams pretend to be from IS&T, department heads and deans, or other companies and services you may use (e.g., UPS). The best defense against phishing attempts is to not click on links or download attachments in any email that you weren’t expecting, even from someone you may know.

If you are ever unsure about the legitimacy of an email message or want to report phishy emails, please forward the email as an attachment to phishing@mit.edu. The IS&T Security team will take steps to protect the community from the scam. You can also review examples of phishy emails that others at MIT have received in the MIT Phish Bowl.

IS&T is here to help!

If you have any security-related questions or need to report a security incident while at MIT, email the IS&T Security Team at security@mit.edu.

Don’t hesitate to contact IS&T’s Service Desk with any computing questions 24 hours a day, 7 days a week and be sure to follow IS&T on Twitter, Facebook, Instagram, and Snapchat to keep up with important cybersecurity news at MIT.

FYI for incoming @MIT students: You can get MS Office for no charge, courtesy of the 'Tute! Exciting, right?! Get it from IS&T's software grid at https://ist.mit.edu/office

Learn about all of the software and cloud-based services you have access to while you’re an MIT student in our next article Get useful software and cloud services.