Computer & Online Security Tips

Resources, tips, and tools to help you keep your computer secure and operating properly.

Update Software Regularly

Regularly updating your software helps prevent vulnerabilities from developing. Setting up automatic updates ensures that your software will always be up-to-date. Refer to the following links for more information on how to set up automatic updates:

• Setting up automatic updates on Mac OS X
• Setting up automatic updates on Windows

Use Strong Passwords

Passwords are the number-one target for hackers and cybercriminals. Having passwords that are unique and difficult to guess can reduce the chance of your information being compromised.

• Passwords should be long and complex
• Never share your passwords with anyone
• Keep your passwords secure and avoid writing them down
• Create a unique password for every account

Use Updated Anti-virus Software

Using anti-virus software on your computer and devices helps prevent viruses and other forms of malware from being downloaded. Here is a list of available antivirus software:

• For personal Mac OS X computers: Sophos
• For personal Microsoft Windows computers: Microsoft Security Essentials
• For university-owned MacOS X computers: Symantec Endpoint Protection

Beware of Phishing Scams

Phishing is when hackers attempt to steal your personal information by impersonating a trusted source. These scams include e-mails or text messages that appear to come from trusted sources and ask you to click on a link, which takes you to a phony site. Once there, you are asked to input personal information. If you do so, the phisher will use your information to access your accounts.

Avoid phished by:

• Typing in the original URL, rather than clicking on a link provided in an e-mail (i.e. if it says it links to iastate.edu, type in iastate.edu in your address bar instead of clicking the link).
• Never providing a password or username in an e-mail or over the phone.
• Checking the URL of the link provided in every e-mail to see if it is one you recognize.
  • To do this, hover your cursor over the link and check the lower left-hand side of your web browser to see if the link is authentic.
• Not opening e-mails or attachments, downloading files, or following web links from unknown sources. 

Verify a Website's Security

The website design will appear the same as the original one so there is no point in examining it to find a difference. However, the phishing URL cannot copy the official URL of the website so check these items to identify phishing:

• Name of the website is usually misspelled (e.g., “www.paypal.com” is written as “www.paypai.com” or “www.paypol.com”)
• * “HTTPS” connection is missing - check if the “Lock icon” at the start of the address bar is "Red" it should be “Green” or “Gray”
• Check the Security Alerts - Phishing E-mails frequently for recent attacks

* The number of hishing sites hosted on HTTPS pages is rising significantly faster than general HTTPS adoption. The green or gray paddlock (i.e., HTTPS certificate) indicates the data is encrypted in transit and has no indication the site is secure and legitimate. An HTTPS site is not less vulnerable than a non-HTTPS site. 

Backup Data Regularly

Regularly back up research files, class work, and other important information to a separate storage device to prevent the permeant loss of important information or documents.

To back up data, visit the corporate website of the operating system your computer is running, if not listed below.

• Mac OS X
• Windows

Use a Firewall

Use a firewall to filter out unauthorized traffic from the Internet. For more information, visit:

• Mac OS X Firewall
• Microsoft Windows Firewall

Secure Mobile Devices

Mobile devices often contain personal and sensitive data, posing a security risk to both individuals and the university. Wireless mobile traffic may be unencrypted and can be intercepted. It is recommended you use a passcode on your device to protect personal and university data. If your device is lost or stolen, you can contact the Solution Center to explore ways to remove data from your mobile device remotely.

Use Iowa State’s Virtual Private Network

When accessing sensitive data from an off-campus connection, be sure to use Iowa State’s virtual private network (VPN) to access the network safely and securely via your computer or mobile device.

More Tips

Check out FTC’s free online security tips and resources, and share with your friends, family, co-workers, and community.