Information Security
Secure Your Personal Computer

As the use of technology expands, the lines between our business, educational, and personal lives becomes blurred. Any device connected to the internet can be used as an attack vector. Preventative measures reduce the length and breadth of a cyber incident. In a culture of bring your own device, an ounce of prevention is worth a pound of cure.

Regardless of the device, its intended use, or ownership, familiarize yourself with how to Protect Your Information and Identity and your Rights and Responsibilities for the Use of Central Network and Computing Resources at Northwestern. The University is responsible for maintaining the network's integrity, protecting the rights of all network users, and promoting respect for applicable laws and applicable license provisions. Violations of system and network policies may result in disciplinary action, including termination of network access.

If you are using a personal computer to conduct University business, research, or classwork, below are some important ways to secure your computer and Northwestern’s network. Many of these options are free, require minimal effort to implement or maintain, and can be configured at any time (though it is recommended to secure your computer at initial setup).

Jump to a Section

Authentication and Authorization

Configure cloud-based authentication and a strong password at login to confirm your identity. If you are using a Windows machine, consider setting a BIOS password to prompt you to authenticate before the operating system and most hardware is allowed to start. Doing so reduces the chance that a password-cracking application will be successful or that a thief could change your settings.

Lock Your Screen

Lock your computer screen when you leave your computer unattended and enable an auto-lock after a period of inactivity. Configure both options to require your authorization to regain entry.  Balance security with convenience, but consider targeting a period of inactivity for no longer than 15 minutes before you are prompted for your password.  

Below are several ways to lock your screen manually before an auto-lock is initiated, though device operating systems and software versions are beginning to offer more dynamic features.

Mac OS

Choose a screensaver and set up a password to unlock the screen.

  • When you choose your screensaver, configure the Hot Corners button, which gives you options to start or stop the screen saver or put your display to sleep by moving your pointer to one of the corners of the screen. Choose an option from the pop-up menu that corresponds to a specific corner
  • Enable the fast user switching menu, which provides you with an option to navigate to the Login Window
  • Shut the lid (on a laptop)
  • Press Command+Control+Q, Control+Shift+Power, or Control+Shift+Eject, Command+Option+Power (or Eject)
  • Tap or click the Apple menu and select “Sleep” or “Lock Screen”

Windows

Configure your screensaver settings and click the box for “On resume, display logon screen”.

  • Shut the lid (on a laptop)
  • Press the Windows key+L
  • Press Ctrl+Alt+Delete and select “Lock”
  • Tap or click the Start button in the bottom-left corner. Click your user profile icon and then select “Lock”

Linux

Configure your lockout windows and password requirements based on your distribution and window manager settings.

Multi-factor Authentication

Weak or stolen passwords are a hacker’s weapon of choice for identity theft or launching a network attack. Many sites and services are now giving users the free option to raise the assurance level that you are who you say you are.

At login, device operating systems offer:

Mac OS

Turning on Two-Factor Authentication on your Apple ID; this service is available to iCloud and iTunes users with at least one device that’s using the latest iOS or macOS.

Windows

Setting up two-step verification on your Microsoft account.

Linux

Options for multi-factor authentication vary depending on your distribution, including native features or the ability to integrate with a third party authentication service.

Other services exist to protect your login to specific sites and apps. For example:

Encryption

Encryption is one of the most effective ways to achieve data security. Much like a safety deposit box at a bank, it requires a key to scramble and lock your data and a key to decode your data into a readable format.

Device operating systems offer the following free options:

Mac OS

Enable FileVault to encrypt the startup disk, which is limited to use on OS X Lion or later.

Windows

Enable BitLocker to encrypt full hard and portable drives, which is limited to use on Microsoft Pro and designed to work best with a computer deployed with a Trusted Platform Module (TPM) version 1.2 or later.

Linux

Enable encryption at install and use the default method for the distribution; in many cases, the software package may be dm-crypt. Almost every Linux distribution offers the gpg command to secure sensitive files, but it does not provide a modern graphical user interface. 

In the event the version of your operating system or the software package does not offer encryption, consider the following free options:

  • VeraCrypt: An open source application to encrypt the complete drive or partition; can be used on Mac OS, Windows, and Linux
  • AxCrypt or AESCrypt: open source tools to encrypt individual files or folders; both are compatible with Mac OS and Windows though only AESCrypt supports Linux

Self-Service Data Backups and Recovery

Back up your data files and create an image backup before enabling encryption on your computer. Then, develop a multi-faceted strategy, which may include both manual and automated approaches, to back up your data in the event your computer is lost, stolen, compromised or corrupted, or you accidentally save over or delete a file.

While saving to an external drive may be one method, it is not enough. Like your computer, external drives can also be misplaced or impaired by a force of nature (like a fire, power surge, or a coffee spill). Consider a cloud backup solution to an Internet-hosted service such as iCloud (store 5GB for free), Google Drive (store 15GB for free), or Carbonite (offers a sliding cost scale based unlimited storage and level of service). Backups can be automatically synced to your device, are accessible from anywhere there is a connection, and likely safe from physical damage. These services may also support multi-factor authentication for an additional layer of access control and file protection.

If you are using a personal computer to store University data, you are also eligible for CrashPlan Pro. Contact security@mccormick.northwestern.edu to request an account.

Locators and Remote Lock

Operating systems offer different security features to manage your computer, even if it isn’t in your possession. If available, consider enabling the following free configurations to help protect your information in the event your computer is lost or stolen. NOTE: You must configure these settings BEFORE an incident occurs; though many computers can be purchased with these features already enabled.

Mac OS

Use Find My Mac to locate your computer on a map, lock it or erase it remotely; requires cloud based authentication using your AppleID.

Windows

Use Find My Device to locate your computer on a map, lock it or erase it remotely; requires cloud based authentication using your Microsoft Account.

Linux

No native features exist to track your Linux machine.

In the event the version of your operating system or the software package does not offer encryption, consider the following options:

  • Prey to locate your computer on a map and lock it remotely; the hard-disk wipe command could be used if you are able to access your system directly remotely; while basic features are free, Prey offers a sliding cost scale based on level of service
  • LoJack for Laptops to locate your computer on a map, lock it or erase it remotely; LoJack offers a sliding cost scale based on level of service

Antivirus Protection

To protect your computer against viruses and other malware, Northwestern recommends

  • Windows users utilize Microsoft Defender (formerly Windows Defender), the built-in antivirus solution for Windows.
  • Mac users consider using free antivirus solutions like Sophos or Avast.

 

Apply Updates

Keeping your software up to date is one of the most important things you can do to maintain your computer’s security. These updates often address security flaws as well as stability and usability issues, maintaining updates is a good idea in general.

* Disclaimer: Examples of third party security offerings are meant to provide you with options to explore based on your security risk threshold. With the exception of Northwestern-licensed software, McCormick is not liable for any action you take on a personal device