Securing Your Devices

Scan devices with antivirus software

Periodically scan your devices for viruses and other malware. Keep in mind that antivirus products detect malware based on what is already known, so if it has not been seen yet, it will not be caught. This is also why it is important to keep it up to date.

Windows and Mac OS come with default antivirus software. If you prefer, you can also download McAfee antivirus for free through CUNY eMall:

  • Please note, on the CIS Technology Services page you can also access other services, including but not limited to, CUNYfirst, Blackboard, Library Services, DropBox, etc. Check it out!
  • On the CIS Technology Services page, click on the CUNY eMall icon link in the middle of the page.
  • Using your CUNY Login username and password, (ex: log into the CUNY eMall to access eMall services.
  • If you do not remember or know your CUNY Login username and/or password, please click here: CUNY Login and click on the appropriate links, Forgot Username or Forgot Password.

Turn on your firewall

Firewalls can limit what apps are allowed to receive inbound connections to your device. This offers a layer of protection for when you want to run unsigned third party applications or if you are on public WiFi.

Note that macOS devices have the firewall turned off by default.

Keep your device up to date

Vendors regularly release patches to fix bugs and vulnerabilities they find in their software. These vulnerabilities are published on the web in what is called a common vulnerabilities and exposures (CVE) database. Shortly after details are published, attackers will write exploits that target these vulnerabilities. It is important to keep your devices patched with the latest security updates.

Choose a strong password

Never use default passwords. These are easy to look up or guess.

Passwords need to be both long and random enough so that an attacker is less likely to brute force it. Generally when we say brute force, we mean that they are using a powerful computer running code that will very quickly generate passwords and see if they will work for your account.

They know what kind of habits people have when they create passwords – using common words in the dictionary, changing e for 3 or a for @, and so on.

That is why length and randomness are both important to creating a strong password.

Of course, it is hard to remember a long string of random characters. Here are some tips in creating strong passwords:

  • Don’t use common words (example: password). These are easily guessed.
  • Try combining a few words together with some random characters inserted in the middle of the words. (ex: Sec4urityFo&rYou)
  • Develop mnemonics to remember complex passwords

Protecting your password

  • Beware of phishing (link to phishing) scams
  • Don’t write them down
  • Never save your passwords in your browser – if your computer is compromised, an attacker could lift your credentials from your browser!
  • Check a website such as Have I Been Pwned to see if any of your accounts have been found in a data breach. If you reused your password for that account, change it immediately!

Use Multi-factor Authentication

A strong password is beneficial in protecting your personal information, but a strong password is not enough today. We’ve all heard of the breaches that occur in large, highly secure organizations. It is not uncommon for attackers to guess or steal passwords.

We can leverage Multifactor Authentication (MFA) to combat such attacks. MFA is a two-step process that increases security, and requires you to provide additional information to prove that you are the one authenticating to the account – a combination of “something you know” and “something you have on you.” For example, the first step is to provide your password (something you know). The second step would be to provide a code sent by text message to your phone (something you have on you).