...
| Table of Contents | ||
|---|---|---|
|
Security Experts Recommend
Cyber Security recommends IT best practices to ensure the optimum security posture to protect your computing environment and your data. The diagram below demonstrates what users think is important to protect their computer, but cyber security experts state otherwise. Berkeley Lab IT recommends users adopt the following IT Best Practices.
The IT User Support Department would like to add additional best practices to the experts list.
Keep Your Software Up to Date
Keeping your system and third party software up-to-date is the number one thing you can do to protect your system. Some updates may require a reboot of the system so remember to save and close any open files to protect your data.
- Keep Windows system up to date
- Keep Apple system up to date
- Keep Google Chrome up to date
- Keep Mozilla Firefox up to date
- Keep Zoom up to date
Before doing updates, it is recommended you make a backup of your computer. Berkeley Lab IT offers Druva inSync for backup solution.
Install BigFix
BigFix Information is a widely adopted cross-platform endpoint management system utilized by private companies, government agencies, and academia. BigFix has a Patch Management module which can identify systems with applications that are out of date and allow system managers to take action to install patches and remediate issues. Berkeley Lab IT has adopted two modes, Active and Passive BigFix. BigFix can be downloaded from the Software Store.
- The Active Mode is recommended for most systems at the Lab, including laptops, desktops, and shared workstations.
The Passive Mode is used primarily for monitoring and reporting on system status, software licensing, and asset management.
Lastly, BigFix can help automate and manage your asset inventory. Berkeley Lab Property Management and IT have piloted a program to certify the existence of a DOE tagged asset. Any DOE-barcoded system running BigFix and present on the LBL network can be automatically verified for inventory purposes, without the barcode being scanned, see Help IT Automate Your Asset Inventory.
...
You should REBOOT your computer at least once a week. This a month. For Windows users, this reboot may occur a bit more often depending upon Windows Updates. Rebooting will ensure that all software updates are downloaded and installed in a system. This is one of the single most important things you can do to keep your system healthy.
Password Best Practices
There are three main strategies that can be implemented to increase your security posture. They are:
- Always use unique passwords. Utilizing the same password across several websites will make you vulnerable if one site is compromised all can get compromised.
- Utilize a password manager like LastPass. Password managers ensure that your passwords are maintained in a safe, encrypted vault and makes it easier for users to protect their online identities by using hard to crack passwords.
Use Unique Strong Passwords with LastPass
As recommended by cyber security experts using unique and strong passwords can increase your security posture.
Generating, remembering and maintaining unique passwords is challenging and nearly impossible. As the number of mandatory passwords, password length, and password complexity increases, it becomes harder to remember them without relying on risky alternatives such as writing passwords down or reusing passwords for more than one application. Utilizing the same password across several websites will make you vulnerable if one site is compromised, all can get compromised.
LastPass, a password manager, helps ensure that your passwords are maintained in a safe, encrypted vault and makes it easier for users to protect their online identities by using hard to crack passwords. Berkeley Lab has provided LastPass free of charge to Lab employees.
...
Utilizing a two factor authentication process helps protect your online accounts and access to your resources. Berkeley Lab HR’s move to UCPath in January 2020 requires the use of MFA to log into your UC benefits site. IT recommends everyone adopt MFA to provide you that extra layer of defense. Further details can be found on the MFA page.
Install
...
CrowdStrike / Anti-virus Software
LBNL Cyber Security has defined the Minimum Security Requirements and and all computers connected to the Berkeley Lab network must meet these requirements. One requirement is the installation of an antivirus software with automatic updates. Berkeley Lab IT has adopted Sophos CrowdStrike as the enterprise solution. Sophos CrowdStrike can be downloaded from the the Software Store and see CrowdStrike Information page for more information and installation instructions.
Backup Data
Your data is important so don't wait for that disaster. Be proactive and obtain a backup solution that meets your needs. Berkeley Lab IT offers Druva inSync as the enterprise backup tool, which can be purchased from the Software Store.
...
Low disk space can lead to poor reduced system performance and , problems with file integrity . You will want to and sometimes the inability to download current operating system and application updates. It is optimal to periodically clear browser cache/cookies and remove unnecessary data/software from your system. Remember you have unlimited disk space on Google.
Third party software tools claim they can help with system clean up. Do not install CCleaner on Lab computers.
...
