Last updated Feb 21, 2024
UW–Madison’s Endpoint Management and Security policy (Source: policy.wisc.edu) requires devices that connect with UW–Madison online data to be actively managed and secured.
Follow the best practices in this guide to protect yourself — and to contribute to a safer computing environment for everyone.
Important!
If you work on a computer owned by UW–Madison, check with your department IT administrator before installing software or reconfiguring it.
If you are a student or you access UW resources from a home or other computer, please follow the steps below.
Follow these steps for your personal devices
This is an accordion element with a series of buttons that open and close related content panels.
Keep your devices' operating system (OS) and versions up to date
Why? Developers or others often discover vulnerabilities, or weaknesses, in a computer’s operating system (OS) or applications. These vulnerabilities provide hackers an opportunity to create malicious software (e.g., viruses, ransomware, bots, adware, worms, Trojans, etc.) that can infect your computer and steal your personal information. To counteract this, a security update (also called a “patch”) is created to fix these vulnerabilities in computer software code. So, it’s important to keep your OS and security patches up to date. Simply running an antivirus program is not enough.
How do I keep my computer updated?
It’s easy to configure your computer to automatically download and install security updates so that you don’t have to remember to do it manually. In most cases, the updates will install in the background, and you will not be asked to download and install anything. Once set up, it should be easy to ignore those fake updates or pop-up notifications generated by hackers.
How to update Windows security patches (Source: kb.wisc.edu)
How to update Mac security patches (Source: kb.wisc.edu)
Install and run free antivirus software
Faculty or staff:
- For personal Windows devices: UW–Madison recommends you use Windows Defender (Source: kb.wisc.edu). Windows Defender is a built-in antivirus app which is automatically installed on Windows devices.
- For personal macOS devices: Use Trend Micro (Source: kb.wisc.edu).
Students or emeritus:
- For personal Windows devices: UW–Madison recommends you use Windows Defender (Source: kb.wisc.edu). Windows Defender is a built-in antivirus app which is automatically installed on Windows devices.
- For personal macOS devices: Use freely available antivirus software (Source: kb.wisc.edu).
What do I need to do?
- Check if Windows Defender is enabled at Windows Defender – enabling antivirus threat protection & Windows Firewall (Source: kb.wisc.edu)
- Get instructions for Trend Micro – Installing Trend Micro AV on your personally owned macOS device (Source: kb.wisc.edu)
- Install only one antivirus program on your computer. Having multiple antivirus programs on one computer can cause conflicts.
- Always uninstall the antivirus software that came on your computer before installing the University’s recommended antivirus (uninstalling your antivirus software on your Windows PC will automatically enable Windows Defender).
Use a firewall
A firewall is software that runs directly on a computer and protects it against attack from the network by controlling incoming and/or outgoing network traffic. Most operating systems have built-in firewalls, but you need to make sure they are turned on.
Instructions for enabling your firewall (Source: kb.wisc.edu)
Protect your NetID & password and multi-factor authentication credentials
Passwords are like passports or a blank check; if lost or stolen, they give hackers a world of opportunity by providing access to your personal, financial or work data. The campus Password policy (Source: policy.wisc.edu) helps you select strong passwords and manage them so you can protect your identity and University resources. Once you’ve read and understood the password policy, update any campus passwords that do not meet the standards. If needed, go to change your NetID password (Source: mynetid.wisc.edu).
To help manage your passwords securely, consider using a password manager. Learn more about a free one available to campus members at Password Manager – LastPass Enterprise (Source: it.wisc.edu)
A few don’ts
- Never share your password or multi-factor authentication credentials with anyone, not your boss, not your family, not your co-workers. Doing so is against Universities of Wisconsin acceptable use of Information Technology resources policy (Source: wisconsin.edu) and violating it could result in suspension or criminal prosecution.
- Never use your NetID password on any other website. If you have done so, immediately change your NetID password (Source: mynetid.wisc.edu).
- Don’t reveal a password in an email message.
- Don’t talk about a password in front of others.
- Don’t hint at the format of a password (e.g., “my family name”).
- Don’t reveal a password on questionnaires or security forms.
- Avoid writing passwords down, but if you must, store them in a secure place (e.g., a locked file cabinet).
- Passwords should never be stored unencrypted online.
- Do not use the “Remember Password” feature of applications (e.g., Chrome, Safari, etc.).
- Don’t use the default password if one is provided (hackers can locate a default password easily). Change it immediately to a new, stronger password.
- Don’t reuse old passwords. NetID passwords cannot be reused within a 12-month period, and passwords cannot be changed to any of the previous three passwords.
Use multi-factor authentication on all personal accounts which offer it
Many personal accounts (such as financial institutions, credit cards, social media, shopping sites, etc.) offer the option of using multi-factor authentication (MFA) to help prevent hackers from getting into your account. MFA-Duo, which is required to use on campus, can also be used for adding your personal accounts. Enabling MFA on your accounts adds another unique layer of protection. A person trying to break into your account would need your user name, password, AND one of your devices/fob in their possession.
Install FREE WiscVPN to secure your wireless connection
WiscVPN software encrypts internet traffic between a home/remote personal or work computer and the campus network, allowing you to use the internet securely on open networks. It’s offered free to UW–Madison faculty, staff, and students. Learn about WiscVPN – How to install, connect, uninstall, and disconnect WiscVPN Palo Alto GlobalProtect (Source: kb.wisc.edu).
Be wary of web browser extensions
If you download a dangerous extension, you could inadvertently download malware, adware, and viruses.
What should you look for before downloading an extension?
- Check out the developers website to see if it’s a legitimate extension and not a different version offered by an unvetted source.
- Read the description of the extension. Watch for things that may be questionable, like tracking or data sharing.
- Read the reviews. Look for complaints of unusual glitches, or folks speculating that their data is being taken, or for any thing that strikes you as odd.
- Be picky and only download extensions that come from a trusted source and offer useful benefits.
Check to see what extensions are already installed on your device(s)
Google Chrome users: click the three dots to the right of the address bar, selecting “More tools”, then “Extensions.”
Firefox users: click the three horizontal bars next to the address bar, then “Add-ons,” then “Extensions.”
Safari users: click Preferences, then on the Extensions tab. All extensions enabled will have a checkmark in the box to the left of the icon in the sidebar.
Internet Explorer users: click the gear menu at the top-right corner and select Manage add-ons. Browser plug-ins are displayed under the Toolbars and Extensions category, along with any browser toolbars and other types of ActiveX add-ons installed.
Use notifications to help keep your accounts secure
Many personal accounts (such as financial institutions, credit cards, social media, shopping sites, etc.) offer notifications to help track the actions on your accounts. For example, you can set up notifications for actions such as purchases made with your credit card, account balance, minimum payment due, payment posted, password updated, user ID updated, etc. These notifications alert you to activities on your account and help to alert you to fraudulent activities.
You can also use computer notifications for account protection here’s how:
Mac: Change notifications preferences on Mac (Source: support.apple.com)
Windows: How to manage notifications for Windows Security features on Windows 10 (Source: windowscentral.com)
Backup your computer regularly
Computer backup is a process that copies all your files, data, and information to create another version. Backups protect against human errors, hardware failure, virus attacks, power failure, and natural disasters. Backups can help save time and money if these failures occur.
Find out how at Computing at UW – backing up your personal data (Souce: kb.wisc.edu).
Get help!
The DoIT Help Desk (Source: kb.wisc.edu) can answer your questions or connect you with the right group.
Report phishing and other abuse
If you encounter a suspicious email that claims to be from UW–Madison and requests any personal information, do not respond to it or click any links! Instead, click on the “Report Spam” or “Report Phish” located on the top right-hand corner of your O365 email account and in the “… ” at the top of the page in the most recent version of O365.
Related Docs
More guides on cybersecurity topics (Source: it.wisc.edu)