Berkeley Lab

Computer Security Annual Training (SEC 0201)


Other threats

    Risk: Public computers increase chance of stolen credentials

    If you use a public computer or a computer at another institution that's compromised, your account and password can be stolen. If you need to use a public computer, use caution when using your credentials and reset your password from a known secure computer afterwards.

    Skip Prompt: Do you use SSH to connect to Linux/UNIX systems?

    • Yes. Continue reading.
    • No. Move to the next tab.
    • What is SSH? Move to the next tab.

    Stolen SSH credentials are costly

    The most costly cyber incident type at Berkeley Lab is stolen SSH credentials. As mentioned in the beginning of the training, one stolen credential can be a big problem.

    Prevention

    Risk: Theft of mobile devices

    Theft of mobile devices (laptops, tablets, and phones) harms us in two ways:

    1. The financial cost of the loss, and
    2. The loss of data and accounts on the device.

    Recall that Personally Identifiable Information (PII) is prohibited on all devices. This is particularly important for mobile devices, which are more susceptible to theft and loss.

    Prevention: Use caution and backups

    Use common sense to protect your mobile devices. For example, do not leave them in plain view. A simple way to prevent loss of data or account information is to use one of our backup services.

    Smart Phones

    Use a PIN or some form of access key to protect your data. Most mobile phone thieves want to sell the phone, not look at your data. But if the phone doesn't have any protection, the thief may look around and find data or emails you don't want to share.

    Antivirus for phones? Although it is possible to target phones with viruses and malware, we haven't seen much of this yet, and antivirus options for smartphones are limited. We will continue to monitor this area and update our advice if this changes.

    Report theft or loss

    If your device is stolen, fill out our Report Lost or Stolen IT Assets form.

    Risk: Legal action

    The most common example of unacceptable use at Berkeley Lab is copyright violations. If copyright violations involve Berkeley Lab IT, they put Berkeley Lab at risk from legal action. (Read more about acceptable use.)

    Prevention: Don't illegally download copyrighted materials

    Do not illegally download copyrighted or unacceptable materials using Berkeley Lab IT. This includes using your own device but accessing content via Berkeley Lab networks: your illegal download can be traced back to Berkeley Lab.

    Violations most commonly occur when people leave BitTorrent clients (a method to download large files) running on their personal computers, illegally download copyrighted material, and bring it to Berkeley Lab.

    We respond to unacceptable use and copyright violations

    If we detect illegal content on Berkeley Lab IT, we will require you to remove it. After your first violation, we will involve your supervisor. Read more about how we respond to unacceptable use (Berkeley Lab password required).

    Risk: Inappropriate Information

    Berkeley Lab is an unclassified, open research environment. No form of classified work and no classified material are permitted at Berkeley Lab (both Secret and Top Secret, at the L and Q clearance levels and the equivalent markings used in other USG agencies). UCNI and NNPI information is also prohibited at Berkeley Lab.

    However, while not classified, some types of unclassified information require additional controls. During the course of your work, you may come across information marked official use only (OUO).

    Researchers: Avoid OUO

    If you receive OUO in the course of your work, you may be engaging in work that falls outside of our open science portfolio. Contact the Berkeley Lab Export Control Officer for guidance, 510-486-7096. Encourage your collaborators not to mark information for open science as OUO. If you do have to receive OUO, protect it per our management and storage requirements.

    Operations staff

    Some operations staff may receive limited amounts of OUO. If you receive OUO, protect it per our management and storage requirements.