University of Wisconsin–Madison
Glyph of padlock

Securing Your Computer

 3 minutes to read | Last updated Feb 11, 2017

UW-Madison’s Electronic Devices Policy requires all campus users to run anti-virus software, keep security patches updated and, whenever possible, maintain a dedicated firewall. Follow the best practices in this guide to protect yourself — and to contribute to a safer computing environment for everyone.

Important!

If you are part of a department with its own IT resources, you should check with your department IT administrator before installing software or reconfiguring your work computer. If you are not part of a managed system, you are a student or you access UW resources from a home or other computer, you should take these steps yourself. You can discover cybersecurity and safety best practices and principles here.

  • Install free antivirus software

    Install free antivirus software, such as Symantec Endpoint Protection. It helps protect against and remove existing viruses and malware.

  • Use a firewall

    A firewall is software that runs directly on a computer (i.e. the host) and protects that host against attack from the network by controlling incoming and/or outgoing network traffic. Most operating systems have built-in firewalls, but you need to make sure they are turned on.

    Instructions for enabling your firewall

  • Use spyware protection

    Spyware is a type of software that is implanted on your computer without your knowledge. It secretly transmits information about your online activity and the data stored on your computer. It may come bundled with “free” software you download (e.g. browser toolbars, games, peer-to-peer applications).

    What does spyware do?

    Many things. It may collect data about your web browsing habits, change your home or search page, force you to certain websites, alter network settings or perform other actions.

    Is it harmful to my computer?

    It may be. Spyware may interfere with Internet Explorer or Windows and cause frequent errors or crashes.

    How do I detect and get rid of spyware?

    Fortunately software exists to help protect consumers from spyware and to repair the damage. Symantec Antivirus, free for UW-Madison for faculty, staff, and students, includes spyware detection and remediation capabilities.

    If you have already downloaded and installed Symantec AntiVirus, you simply need to do a scan of your files; you do not need to download additional software. See Symantec Endpoint Protection – Detecting and Removing Spyware for more details.

  • Keep your operating system and versions up-to-date

    Keep your operating system patched

    If the tires on your car were recalled because of a defect, you might still be able to drive on them, but you probably wouldn’t feel safe. The same is true of your computer’s operating system. Hackers rely on the fact that many computer users fail to install software patches on their machines, so they create worms and other malware to take advantage of these vulnerabilities. That’s why it’s important that you keep your operating system and security patches up-to-date. Simply running an anti-virus program is not enough.

    How do I keep my computer updated?

    It’s easy to configure your computer to automatically seek out security updates so that you don’t have to remember to do it manually. Then, when you get that little message that says “new updates ready to install,” all you have to do is install them.

    How to update Windows Security Patches

    How to update Mac Security Patches

  • Protect your NetID & passwords

    Use strong passwords

    Passwords are like passports or a blank check; if lost or stolen they give hackers a world of opportunity by providing access to your personal, financial and work data. The campus Password Policy helps you be proactive in selecting a strong passwords and managing them, to protect your identity and University resources. Once you’ve read and understood the password policy, you should change your NetID password and other campus passwords that do not meet the standards.

    Note: Many, but not all, campus passwords are used in conjunction with Oracle databases, for which there may be some exceptions to the password guidelines in this document. Those exceptions are noted in parentheses.

    Strong password characteristics

    • Are at least eight alphanumeric characters long
    • Contain at least three of the following four categories:
      • upper case characters (e.g., A-Z)
      • lower case characters (e.g., a-z) (Note: Oracle does not distinguish between upper and lower case in passwords.)
      • Digits (e.g., 0-9)
      • Special characters ( e.g., !@#$%^&*()_+|~-=`{}[]:”;'<>?,./) (Note: Oracle allows only the special character underscore (_) in a password, unless the password is enclosed in quotes.)
    • Are kept private. Passwords should be memorized or, if written down, kept in a locked file cabinet or other secure location.
    • Do not contain a common proper name, login ID, email address, initials, first, middle or last name

    Weak password characteristics

    • The password contains less than eight characters
    • The password is a word found in a dictionary (English or foreign) or a word in any language, slang, dialect, jargon, etc.
    • The password is the same as your user name or login name
    • The password is a common usage word such as names of family, pets, friends, computer terms, birthdays or other personal information, or number patterns like aaabbb, dddddd, qwerty, zyxwvuts, 123321, etc.
    • Any of the above spelled backwards
    • Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

    A few don’ts

    • Never reveal a password over the phone or in person to anyone. Not your boss. Not your family. Not your co-workers. If someone demands a password, refer them to this document.
    • Don’t reveal a password in an email message
    • Don’t talk about a password in front of others
    • Don’t hint at the format of a password (e.g., “my family name”)
    • Don’t reveal a password on questionnaires or security forms
    • Avoid writing passwords down, but if you must, store them in a secure place (e.g., a locked file cabinet)
    • Passwords should never be stored unencrypted on-line
    • Do not use the “Remember Password” feature of applications (e.g., Outlook, Thunderbird, Evolution)
    • Don’t use the default password, if one is provided. Change it immediately to a new, stronger password.
    • Don’t reuse old passwords. NetID passwords cannot be reused within a 12-month period, and passwords cannot be changed to any of the previous three passwords.

Get help!

The DoIT Help Desk can answer your questions or connect you with the right group.

Email the help desk

Report phishing and other abuse

If you encounter a suspicious email that claims to be from UW‑Madison and requests any personal information, do not respond to it or click any links! Instead,

Report abuse

Questions?

Email the DoIT Help Desk or call 608‑264‑HELP (4357).