Take steps to ensure that you are secure when working remotely
Working, teaching, and learning away from the MIT campus poses new risks to securing information. IS&T recommends that community members follow these best practices when engaging in activities remotely to help reduce the chance of the information and data you handle at MIT being compromised.
IS&T is committed to strengthening the security of MIT's infrastructure and information.
Even computers that don’t appear to have any valuable information can be attractive targets for attacks. Compromised computers and other devices can be used as a foothold allowing attackers to spread through the network. Networked devices in MIT's public IP space are constantly under attack from devices across the globe. IS&T provides a variety of security services and software to protect the MIT community.
Take steps to protect your computing and the information you handle at MIT.
- Enable automatic updates for your operating systems and software to protect against the latest security threats.
- Install Sophos Anti-Virus and CrowdStrike Falcon. Sophos protects your computer against known viruses, worms, and malware. CrowdStrike provides advanced protection against emerging threats, using machine learning to detect patterns commonly seen in attacks.
- Use a password manager such as LastPass to generate and protect strong, unique passwords.
- Back up your computers using CrashPlan. This cloud-based backup solution makes it easy to recover data from computers that have been lost, stolen, or damaged by malware.
- If you handle personally identifiable information (PII), install Spirion to help you detect and securely encrypt or delete files with sensitive information.
Beware of phishing and other scams
Phishing emails and email scams continue to be an effective way for scammers to steal credentials, install malware, or extort cryptocurrency. Many of these emails are targeted to a specific department or lab, and may appear to come from someone you know or do business with.
If an email looks suspicious, report it to firstname.lastname@example.org by forwarding the email as an attachment. The IS&T Security team will take steps to protect the community.
The Information Protection @ MIT website provides access to policies and guidance on safeguarding information at the Institute. The Awareness I: IT Security and Awareness II: IT Security courses are available in the Atlas Learning Center.
Report an IT security incident
It's important to report any IT security incident as soon as you are aware of it so the Security team can take proper steps to limit the impact and extent of loss, investigate, protect other members of the MIT community, and meet any regulatory or legal requirements.
If you believe a breach of MIT information occurred, immediately report the IT security incident by sending email to email@example.com or by submitting the form below. The IS&T Security team will contact you to evaluate the situation and determine the next best step. If necessary, they will assemble the Data Incident Response Team. You should not address these situations on your own, as that may corrupt forensic information needed to determine the scope of the issue and the risks to MIT.