Information Security Best Practices

In our ever-evolving digital landscape, safeguarding our information is of paramount importance. Cyber threats, particularly phishing attacks, can compromise our data and systems. To ensure our information remains secure, here are key practices we should emphasize:

1. Phishing and Click Wisely:

Phishing attacks often begin with deceptive emails, texts, or messages. Be vigilant when encountering unsolicited messages or requests for sensitive information. Click only links and files that are expected, and only from people you trust. Phishing is a scam in which someone sends you a message trying to get you to open a file, click a link, or follow provided instructions. Their goal is to steal your personal information or money. Harvard Information Security identifies and blocks millions of phish every week.

Here are some strategies you can use for the ones that slip through:

2. Strong Passwords and Two Step Authentication:

Protecting your accounts begins with strong authentication.
Create passwords that are unique and hard to guess. Use two step verification where it is available. A password is how you prove you are you. Technology has gotten better and better, isn’t it time to improve the way you handle passwords? Refuse to reuse, using the same password for all your accounts is risky. Use a password manager.

Learn more….

3. Know Your Data:

Understanding the sensitivity of the data you handle is crucial. Follow University policy to secure Harvard data. If you don’t need it, delete it!

Learn more…

4. Applying Updates:

Outdated software and systems are vulnerable to exploitation.
For personal machines, set your software to auto-update. Install updates, and restart if needed.

Harvard owned and configured machines at SPH are managed through a system management software and patches are automatically applied. Please reboot weekly so your computer stays up to date.

Learn more…

5. Using Zoom Securely:

When using video conferencing tools like Zoom, it’s important to be mindful of your security and privacy. As remote work and online meetings have become more common, cybercriminals have also targeted these platforms. By following a few best practices, you can help protect your Zoom meetings and account from unauthorized access or other security threats.

Increase security and privacy for Zoom meetings

Embracing these practices is a collective effort to maintain information security. If you have any questions or need assistance with any of these practices, please don’t hesitate to contact our information security team at

Our collective commitment to these principles will strengthen our defenses against cyber threats and help protect our data and systems.

Also wanted to share with you a new resource which you may find useful:
Protecting against online abuse and harassment: resources for the Harvard community

Thank you for your dedication to information security.

Best regards,
Andy Ross, Senior Information Security Manager