Secure a Home Personal Computer

In cases where it is absolutely necessary to use a home personal computer, it is important to follow these steps to secure your computer.

University Policy requires that University private data be stored on University-owned computers. Employees must not store University private data on personally owned computers or other personally owned electronic devices. See the Securing Private Data, Computers & Other Electronic Devices Policy. This policy also has more information related to the steps below.


Begin with

Use a Separate Account & Strong Passwords

Set up a separate user level account to use when working from home.

A standard user level account should be used for daily tasks such as email and web surfing. Use of the administrative level account must be limited to those actions which require administrative access. See Administrative Privileges for additional information that you should know.

Your user level work account and the Administrative account should use strong passwords. Assigning difficult-to-guess passwords is an important step in protecting your computer from misuse by others. See Password Tips on how to develop a strong password and tips for keeping it secure. See the Setting Strong Passwords page for instructions on how to change your password using several common operating systems.


Install Security Patches and Use Automatic Updates

Use vendor supported operating systems (e.g., Microsoft Windows XP SP3, Vista, 7 or Mac OS 10.5 and later) and application software.

Operating Systems

Use the vendor's Automatic Update feature for installing Critical Security patches for your computer.  If your operating system does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible.

Operating system security patches/updates must be installed as soon as possible but not more than 30 days after release by the vendor.

Microsoft regularly releases fixes, called patches, which remedy the problems they address. More information on Windows updates can be found at the Microsoft Windows Update webpage.

Apple provides security vulnerability updates.

See Security Tools and Downloads for more detail.

Application Software

Application software (e.g., Adobe, Office, browser, iTunes) also needs to be patched for security holes. If the application software does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible or use an application (e.g., Secunia or metaquark AppFresh) that scans for missing patches.  See Security Tools and Downloads for more detail.

Patching for designated high risk software applications is required as soon as possible but not more than 30 days after availability from vendor.


Install Virus Protection Software

There are various options for anti-virus software; see Anti-Virus Technology Products.

Anti-virus software works by looking for patterns of known worms and viruses in files you download and programs that are running on your computer. Since the virus writers are always creating new worms and viruses, your virus protection software needs to be regularly updated to recognize the latest threats.

Many computers come with anti-virus software pre-installed. When switching anti-virus programs, begin by uninstalling other anti-virus programs that may be installed on your computer.


Install a Firewall

Some operating systems come with a built-in firewall that may need to be turned on; see Use a Firewall.

Firewalls offer the added protection of preventing Internet traffic from being transmitted, whatever its source, be it an application on your computer or another computer on the Internet. Windows XP and Mac OS X 10.2 and above include built-in firewalls that provide some basic firewall functionality. If you do not have either of these operating systems, you can purchase a personal firewall for a nominal fee.

Caution: Misconfiguration of a firewall can prevent all Internet access on your computer.


Additional Steps

Set a Password-Protected Screen Saver Lockout

Set the screen saver to lock the computer if there is no activity for 30-60 minutes. Require a password to unlock the screen saver.

When you are not using your computer, anybody else could be using it instead. This gives a person the ability to install a virus, steal files, or perform actions while appearing to be you.

To require a password to return from a screen saver in Windows:

  1. Right-click on a blank part of the Windows Desktop and click Properties.
  2. Click on the Screen Saver tab.
  3. Choose a screen saver that you would like to use.
  4. In the Wait box, type the amount of time that should pass before the screen saver activates. 30-60 minutes is typically a very usable time.
  5. Check the box next to On resume, password protect.

Windows also gives you the option to lock the workstation at any given time. To do this, simply hold down the "Windows" key and press the letter "L".
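One way to verify the Windows screen saver settings above from PowerShell, as an added example that is not part of the original page: it reads the current user's screen saver values from the registry and reports any that miss steps 3 to 5. The function name `Test-ScreenSaverLock` is hypothetical, and the 60-minute ceiling is taken from the 30-60 minute range given above.

```powershell
# Added example (not from the original page). Test-ScreenSaverLock is a hypothetical name.
function Test-ScreenSaverLock {
    param([int]$MaxMinutes = 60)   # upper end of the page's 30-60 minute range

    # Policy values, when present, take precedence over the per-user Control Panel values.
    $paths = @(
        'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
        'HKCU:\Control Panel\Desktop'
    )
    $names = 'ScreenSaveActive', 'SCRNSAVE.EXE', 'ScreenSaveTimeOut', 'ScreenSaverIsSecure'

    $settings = @{}
    foreach ($name in $names) {
        foreach ($path in $paths) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $settings[$name] = $item.$name; break }
        }
    }

    $findings = @()
    if ($settings['ScreenSaveActive'] -ne '1') {
        $findings += 'Screen saver is turned off.'
    }
    if ([string]::IsNullOrEmpty($settings['SCRNSAVE.EXE'])) {
        $findings += 'No screen saver is selected (step 3).'
    }
    # ScreenSaveTimeOut is stored in seconds; a missing value converts to 0.
    $minutes = [int]$settings['ScreenSaveTimeOut'] / 60
    if ($minutes -le 0 -or $minutes -gt $MaxMinutes) {
        $findings += "Wait time is $minutes minutes; expected 1 to $MaxMinutes (step 4)."
    }
    if ($settings['ScreenSaverIsSecure'] -ne '1') {
        $findings += 'Password is not required on resume (step 5).'
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Minutes   = $minutes
        Findings  = $findings
    }
}

Test-ScreenSaverLock | Format-List
```

Run it while logged in to the work account, since these values are stored per user.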

To require a password to return from a screen saver in Mac OS X:

  1. Click on the Apple Menu and select System Preferences...
  2. Select Security and place a check next to Require password to wake this computer from sleep or screen saver
  3. Click on Show All and click on Desktop & Screen Saver
  4. Choose a screen saver from the right column
  5. Set the Start screen saver: slider bar to somewhere between 30 and 60 minutes.

Secure Your Web Browser

To reduce risks associated with the web, see the recommended settings and tools available to help Secure Your Web Browser.


Install Spyware Detection Software

Spyware is software that is installed on your computer without your knowledge or is bundled with other software you download from the internet. There are software utilities available that can detect Spyware on your computer. See Spyware Utilities on the Security Tools and Downloads page.

Spyware can:


While Using the Computer

Use the User-Level Account for Working from Home

The user level account set up for working from home should be used for daily tasks such as email and web surfing. Use of the administrative level account must be limited to those actions which require administrative access. See Administrative Privileges for additional information that you should know.

Use a strong password.  See the Setting Strong Passwords page for instructions for how to change your password on some common operating systems.


Store University Data on University File Servers

The documents, spreadsheets and the files you use for work should be stored on a University file server. University private data must be stored on University-owned computers. For examples of private data, see Private Data Interview Form (PDF). Talk to your local IT Professional staff about where to store your data when working from home.


Protect Your USB Drives/Removable Media

If you copy University data to removable media (USB flash drive, CD or DVD), the physical security of the removable media should be at least equal to that of the machine the data originated from.

To protect the data stored on these devices, encrypt them so if they are lost no one can read the information stored on the device without the encryption password.

Use an encrypted USB drive like Kanguru Defender or encryption software like TrueCrypt. See Encrypting Data for more information. Plans should also be made to allow recovery from unexpected problems.


Prevent Unauthorized Use of Your Work Account

When using your work account, use the screen saver to lock the computer if you need to leave the computer unattended. A password should be required to unlock the screen saver.

Log off your work account before doing non-work related tasks on your home computer.

When you are not using your computer, anybody else could be using it instead. This gives a person the ability to install a virus, steal files, or perform actions while appearing to be you.

Windows gives you the option to lock the workstation at any given time. To do this, simply hold down the "Windows" key and press the letter "L".


Verify Security Patches are Installed

Periodically check for missing security patches by running an application (e.g., Secunia or metaquark) that scans for missing patches. See Security Tools and Downloads. See Getting Started with Secunia PSI for a view of Secunia PSI.

Operating System

Install the security patches for the operating system when prompted. Some security patches may require a restart of the computer to complete the installation.

Security patches/updates must be installed as soon as possible but not more than 30 days after release by the vendor.

Application Software

Application software (e.g., Adobe, Office, browser, iTunes) also needs to be patched for security holes. Install the security patches for the application software when prompted. Some security patches may require a restart of the computer to complete the installation.

If the application software does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible or use an application (e.g., Secunia or metaquark) that scans for missing patches. See Security Tools and Downloads.

Patching for designated high risk software applications is required as soon as possible but not more than 30 days after availability from vendor.


Use Safe Computing Practices

Our recommended steps can only protect you from what is known. Using safe computing practices can limit your exposure to new threats that appear on the Internet before the makers of our recommended products can produce updates to protect you.

Some safe computing practices include:

This is not an exhaustive list. There are so many computing scenarios that they could never all be recorded. When you are presented with an unknown situation, always err on the side of caution and ask your department's IT Professional for guidance on how to proceed.