Best Practices & Procedures

Email

Cybercriminals are adept at installing malicious software on your PC or obtaining sensitive information without your knowledge. Here are a few tips to help you practice safe computing.

  1. Don't open email attachments unless you are expecting the file from a person you know. 
    Even then you must be cautious since someone can spoof another person's email address.  (Spoofing is when someone sends an email to you and makes it appear as if it came from someone you know, like a friend, family member, or colleague.)  If you can't verify that an attachment is legitimate, delete it.
  2. Don't click on links within an email message.  
    Although a link may appear legitimate on the surface, the embedded link may actually take you to a different site whose goal is to install malware or steal sensitive information.  For example, let's say you received an email with the following sentence:  Visit the Penn State Behrend web site.  Notice that if you hover over the link for "Penn State Behrend" in the previous sentence, the URL behind the text is actually http://msn.com, not http://behrend.psu.edu.
  3. Be cautious if asked to confirm your password or other sensitive information via email.  
    Phishing scams involve messages that appear to come from a legitimate company, such as a bank or university, and ask that you click on a link to update or verify your personal information.  Penn State University does not use email to confirm your password or other sensitive information.  However, if you think the message might be legitimate, contact the company directly to see if you really need to take any action or not.

Computer Systems

  1. Don't download unfamiliar software from the Internet and be aware of add-ins when installing software or applications.  
    Many free software packages, apps, and add-ins can collect personal information, generate pop-up ads, or install malicious software --- sometimes without your knowledge.  Frequently, these options are automatically checked, so be sure to uncheck the boxes or decline the offer before beginning the installation.
  2. Create a strong password and use a unique password for each account.  
    Strong passwords are those that are not easy to guess and are at least 8 characters in length and use a combination of letters, numbers and special characters (if allowed by the site or application).  Also, enable security questions, if available.    
  3. Use Multifactor Authentication (MFA) to prove it's really you. 
    MFA adds another layer of security.
  4. Make sure that the latest patches are installed for your operating system and software applications.  Also, it's recommended that you enable Microsoft Windows Defender (which is part of the Windows 10 operating system) rather than using a third-party product.
  5. Reboot your machine after installing updates or patches.  Many software updates will not take effect until the computer is restarted.

Sharing Files

  1. When sharing Office 365 content, it's advisable to select the most restrictive option that makes sense for your purpose.  Generally, it's best to share content with select individuals.  (Unless, of course, the content is intended to be shared with the entire University community.)

Administrative Rights to PSU Systems or Devices

The principle of least privilege means that only enough access is given to allow someone to complete typical computing tasks.  This reduces the risk of attackers gaining access to your systems, devices, and data.

More information regarding the University's policy on securing Penn State's IT assets can be found in AD95 - Information Assurance and IT Security.

What are the benefits of least privilege?

  • Prevents unauthorized and malicious use of your system and software.
  • Adds a layer of security against many types of spyware, viruses, and Trojans. If a workstation is infected, the limited rights of a basic account prevent this malware from fully installing itself.
  • Minimizes data leakage.  Having more users with elevated privileges increases the chance of data loss.
  • Minimizes system/network slowdowns.  Problems that users create on their own systems affect not only those systems, but also the network.
  • Prevents data encryption by bad actors.

What if I need additional access beyond least privilege?

There are cases in which you may need increased access rights.  For example:

  • Some hardware devices or software applications may require administrative rights to install.
  • Connecting new devices or printers may require administrative rights for driver installation.
  • Some system utilities may require administrative rights.

In these instances, you may request a change in your administrative rights for a computing system or device.  To do so, complete the Administrative Rights Request for Penn State System or Device form.  

Are there other reasons why I may need to increase my access rights?

Yes, you may need to request administrative rights if:

  • You have an application that needs to be updated or reconfigured
  • Your laptop or mobile device is NOT on campus on a regular basis (i.e., at least once within 90 days)
  • You need to test hardware devices on a regular basis or test new software (that is not already available in the Software Center)
  • You will be traveling abroad with a laptop or mobile device

Again, please complete the Administrative Rights Request for Penn State System or Device form.

Are there any alternatives to requesting increased access rights?

Yes --- when it's related to software.  In many cases, if you have software that needs administrative rights, we can add that software title to the Software Center.  This will allow you to install the software on your system or device without needing to obtain additional access rights.

To request a software title be added to the Software Center, please submit an IT ticket.