Good Security Practices to Adopt at Work/School, and at Home

Summary

This article provides information regarding good security practices to adopt at work, school, and at home. 

 

Content

Separate Work/School and Home

Avoid using your USNH email address as your username for any personal accounts, and never use your USNH username as the username for a personal account. Keeping a clear separation between your USNH username, password, and email and your personal accounts, usernames, passwords, and email addresses helps protect you and the University.

  • Don’t use your university email as the username for any account not associated with University resources.
  • Provide a personal email as the email address associated with any non-university account.
  • Do not use the same password for more than one account.
  • Do not use the same password for work accounts and personal accounts, but really - do not use the same password for more than one account.
  • Keep a segregation between your business and personal online presence.


Use Strong Passwords

  1. Make your password a sentence or passphrase instead of a single word.
  2. Do not use single dictionary words for your password, even if you use symbols and numbers (examples: Generalization01! and 4cc0nt4bil1ty).
  3. Passwords should be between 14 and 64 characters long, with no complexity requirements (for example, a password can be all lowercase) and no limits on special characters.
  4. Passwords shall not contain characters repeated 4 or more times. Examples: bbbb, 8888, TttT, &&&&.
  5. Passwords shall not include the user’s first, last, or preferred name, the user’s USNH username, or the user’s USNH ID.

An example of a strong password is a sentence that contains at least 14 mixed characters and is easy to remember. For example, if you chose "my dog is named Rex" as your passphrase, you can create a very strong password by eliminating the spaces and replacing some letters with numbers and symbols: "myd0g!snam3dR3x".
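
The rules above can be checked mechanically. The following is an added example, not USNH's own code or the actual check its systems run; the function name, the three-word sample dictionary, the look-alike mapping, and the identity values are all assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"generalization", "accountability", "password"}
# Look-alike substitutions undone before the dictionary lookup (assumed mapping).
LEET = str.maketrans("013457@$!", "oieastasi")

def check_password(password, personal_terms=()):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    # Rule 3: 14-64 characters, any character classes allowed.
    if not 14 <= len(password) <= 64:
        problems.append("length must be 14-64 characters")
    # Rule 4: read here as 4+ consecutive repeats; the "TttT" example
    # implies the comparison ignores case.
    if re.search(r"(.)\1{3,}", password, flags=re.IGNORECASE | re.DOTALL):
        problems.append("character repeated 4 or more times")
    # Rule 5: first, last, or preferred name, username, or ID.
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal identifier: {term}")
    # Rule 2: one dictionary word decorated with digits and symbols.
    for form in (lowered, lowered.translate(LEET)):
        if re.sub(r"^[^a-z]+|[^a-z]+$", "", form) in SAMPLE_WORDS:
            problems.append("single dictionary word with substitutions")
            break
    return problems

if __name__ == "__main__":
    # Constructed identity values, not real accounts.
    me = ("Pat", "Example", "pe1234")
    for candidate in ("myd0g!snam3dR3x", "Generalization01!",
                      "pe1234 rides the morning bus", "correcthorseTttTbattery"):
        print(candidate, "->", check_password(candidate, me) or "ok")
```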


Use Unique Passwords

Using a separate password for every account is your best defense. At a minimum, you should separate your work and personal accounts, using a personal username (not your UNH username or email) and a password that is different from the one you use at work for all personal accounts. Make sure that you are using strong, complex passwords on your most critical accounts like those used for online banking, managing credit cards, etc.


Avoid Easily Guessed Password Selection Methods

Using a password selection method that is easily guessed or decoded by cybercriminals makes it easier to break into your account, even if you are using a strong, unique password. For example, if you use Johnnysmith1974! for one account, J0hnNySmith1974! for another account, and jOHNnysMITH1974! for a third account, you may be following basic guidelines for creating strong, unique passwords, but your accounts will still be easy for experienced hackers to compromise.
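
Why those three passwords offer little separation, as an added example that is not part of the original article: folding case and undoing look-alike substitutions reduces all three to the same string. The account names, the unrelated fourth passphrase, the substitution mapping, and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Look-alike substitutions to undo (assumed mapping, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def canonical(password):
    """Fold case and undo look-alike substitutions."""
    return password.lower().translate(LEET)

def related_pairs(vault, threshold=0.8):
    """Return (account_a, account_b, similarity) for passwords that look
    derived from one base. 1.0 means identical after canonicalization."""
    pairs = []
    for (a, pw_a), (b, pw_b) in combinations(sorted(vault.items()), 2):
        score = SequenceMatcher(None, canonical(pw_a), canonical(pw_b)).ratio()
        if score >= threshold:
            pairs.append((a, b, round(score, 2)))
    return pairs

# Constructed vault: the article's three passwords plus one unrelated passphrase.
SAMPLE_VAULT = {
    "bank": "Johnnysmith1974!",
    "email": "J0hnNySmith1974!",
    "shopping": "jOHNnysMITH1974!",
    "streaming": "quiet-river-lantern-47",
}

if __name__ == "__main__":
    for a, b, score in related_pairs(SAMPLE_VAULT):
        print(f"{a} and {b} share a base pattern (similarity {score})")
```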


Use a Password Manager

Password managers, like LastPass and Dashlane, allow you to have unique, strong passwords for each account without making you remember each individual password. These tools remember your password for each online account, and you only need to remember one "master" password. See Password Managers 101 for more information on this kind of tool.


Use Multi-Factor Authentication (MFA) Whenever It Is Available

You can further protect yourself by using the strongest method of authentication available on each site/application you access because your username and password may not be enough. Multi-factor authentication (MFA) options like biometrics, security keys, or the use of a unique one-time code through an app on your mobile device make it harder for unauthorized users to access your accounts.


Be Skeptical of Every Email, Every Link

If you don’t know the sender, didn’t request anything from that company, or think something looks suspicious, don’t open it, don’t click it, just delete it. Emails can contain malware that will automatically download when you open the email. Emails and social media posts can contain links that take you to malicious websites looking to steal your personal information.


Watch for Phishing Emails

Learn how to spot phishing emails and get in the habit of checking The Phishbowl before responding to any emails that seem suspicious. Phishing is an attempt to acquire confidential information such as account passwords, identification numbers or credit card details by pretending to be a trusted entity in electronic communications including email, texting and instant messaging. Phishing is dangerous and can lead to financial risk and identity theft.


Keep Software Current

Having the latest version of all the software and applications you use is the best defense against viruses, malware, and other online threats. This includes your web browser, operating system, mobile device operating system, and anti-malware/anti-virus/security software. Also ensure you are accepting updates from third-party applications like Adobe Acrobat Reader, Adobe Flash Player, Java, and Microsoft Office applications, as outdated versions contain vulnerabilities that are frequently exploited by cybercriminals.

  • Make sure all devices you use to conduct university business have up-to-date anti-malware software installed and that each device is being scanned on a regular basis.
  • Make sure all devices you use to conduct university business are receiving operating system updates and that those updates are being applied on a regular basis.


Further Readings

Password Managers 101

What's the Deal with Publicly Posted Credentials? 

The Phishbowl 

How To Stay Safe Online - National Cybersecurity Alliance 

 

Need additional help?

Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request. For password issues, you must call or visit the Help Desk in person.