Skip to content Skip to site navigation

Protect Yourself and Stanford with Secure Computing Practices

Privacy and cyber security risks abound today. Below are ten highly effective ways to safeguard systems and information.

Understand Stanford’s Risk Classifications

Stanford uses a three-tier classification model (Low Risk, Moderate Risk, and High Risk) for categorizing data and systems by risk level. Understanding these classifications and how they apply to you is the first step in protecting yourself and Stanford.

Recognize phishing and other social engineering attacks

Most often motivated by financial gain, hackers frequently employ social engineering techniques to gain unauthorized access to data and accounts via email (“phishing”), text messaging (“smishing”), phone (“vishing”), or online services such as social networking.

To avoid becoming a victim, never provide personal information in response to an unsolicited email, phone, text message or letter, even if it appears to be from a friend or colleague. If unsure, contact the purported senders using information from their official website, as opposed to information provided in the unsolicited communication.

You can protect yourself and Stanford by learning to recognize a phishing email and reporting any suspicious email to spam@stanford.edu.

Available to departments on an opt-in basis, the University IT Phishing Awareness Service teaches your team to recognize malicious messages by periodically sending simulated phishing emails where the links open to brief training tutorials.

Keep your software up-to-date

New vulnerabilities in operating systems, web browsers, and other software are discovered daily. Updating software frequently prevents these vulnerabilities from being exploited.

BigFix is a broadly used service at Stanford that helps keep your laptop or desktop computer up-to-date. If unsure whether BigFix is already installed or needs to be installed on your machine, contact your local IT support team.

Back up your devices

Backing up your files protects your data against ransomware, accidental loss, and system failures. Code42 CrashPlan is Stanford’s recommended backup and recovery service for laptops and desktops. If unsure whether CrashPlan is already installed or needs to be installed on your machine, contact your local IT support team.

Encrypt your devices

Encryption protects your personal information and Stanford’s data to prevent unauthorized access in the event that the device is lost or stolen. The MyDevices website tracks your registered devices and their compliance statuses. The encryption guide walks you through the process of encrypting your devices.

Protect against malicious software

To protect against malicious software, install Stanford’s recommended antivirus software on your computer. If unsure whether an antivirus software is already installed or needs to be installed on your machine, contact your local IT support team.

Use approved Stanford services

The Risk Classifications website lists approved Stanford services corresponding to each risk level. Consult with your IT support team before using services that are not listed.

To get started using Stanford supported software, visit University IT’s Essential Stanford Software website.

Use a password manager

It is a best practice to use unique and strong passwords for each of your online accounts. Password managers facilitate the generation and secure storage of passwords. They also save you time and trouble by requiring you to remember only one master password to access the password manager.

Use secure email

When sending sensitive information (especially High Risk Data) via email, add “Secure:” to the subject line, even when sending within Stanford. “Secure:” ensures that the message is sent securely to prevent unauthorized access. For sharing protected health information (PHI), use the Stanford Medicine Box.

Report lost or stolen devices

If one of the devices used for your Stanford work (whether personally or Stanford owned) has been lost or stolen, report the incident to the University Privacy Office.