Common Best Practices

These items should be performed once:

  • Configure your operating system to automatically download and install the latest updates.
    • Browse to Start > Settings > Control Panel > System.
    • On the Automatic Updates tab, select the check box next to Let Windows keep my computer up-to-date.

    Apple OSX users should install security updates when prompted by "software update," or by visiting http://www.apple.com/support/downloads.

  • Install and use a reputable anti-spyware program.
    • While there are many anti-spyware programs available, Webroot Spysweeper and Spyware Doctor are two anti-spyware programs that come highly recommended by industry experts.
  • Several of the most popular options are Webroot Spysweeper, Ad-Aware, and the Microsoft Malicious Software Removal Tool.

These items should be performed every day:

  • Run an antivirus software. 

These items should be performed every week:

  • Run a complete scan of your computer using your chosen anti-spyware software.
  • Check your browser history.
    • In your browser, click the history button or press ctrl+h.
    • Examine the last few entries. If they are not sites you've visited, an investigation needs to explain how and why these sites were accessed.

These items should be performed every month:

  • Check the web site for whichever antivirus software you are using.

These items should be performed every quarter:

  • Change your password every 120 days.
    • Make sure you use well-formed, secure passwords. Visit the User Credentials Standards page for help creating a password that is difficult to guess, yet easy to remember.

These items should be performed always:

  • Open email attachments only if you are expecting them from people you know.
  • Always use strong passwords, and keep them secret.
  • Never click on links in an email, even if they are from someone you know. Type the address in your browser window instead. 
  • Never check your Purdue email account on a "free" or "public" Internet kiosk or Internet Café.
  • When off campus, access Purdue directories only through VPN.
  • Lock your keyboard when you step away from your computer for even a moment. A quick stroll down the hall is plenty of time for someone to slip in and read your information. Or worse. To lock your Windows computer, press and hold the Windows logo key and press "L".
  • If possible, close and lock your office door when leaving your computer.
  • Never store sensitive personal information such as your bank account information or Social Security numbers on your computer.
  • Do not open files sent to you in Instant Messaging (IM) or peer-to-peer (P2P) programs.
  • Do not set your computer to automatically log in.

For a more detailed and complete listing of security expectations, read the Security Checklist.