Stay Safe Online
Check your anti-virus software
Academic Technologies installs CrowdStrike anti-virus software on all Duke-owned computers. Duke does not currently license anti-virus software for personally owned computers. AcTech's current recommendation (based on the IT Security Office's recommendations):
- Mac computer – Avast free antivirus software: https://www.avast.com/en-us/free-mac-security
- Windows 10 computer – use the internal Windows Defender software; no installation required
Accept software updates
All desktop computers at the law school and many home and laptop computers have our software management system. We manage software updates for most common software through that system. If your computer is not “managed” (contact us if you are unsure), you should accept updates from the operating system and from your installed software. (But never accept any self-proclaimed updates or software installations that pop up when you visit a web page.)
Protect your connection
We install Virtual Private Network (VPN) software on home computers and laptops that we set up, but you can also install it on your own personal computers and your mobile devices. The VPN protects your communication with Duke when you are on a network that might be compromised, whether in Starbuck’s or in an Internet café in a remote country. It can also help you determine that the network is legitimate: Start the VPN as the first thing after you connect. If the VPN cannot connect or it reports an error, you should be suspicious of the network and especially any screens that ask you to log in. Go to http://portal.duke.edu to get the VPN software (the software is called Cisco AnyConnect; if after installing it, you find the connection profile is empty, type in "vpn.duke.edu"). Please feel free to contact the help desk for assistance. Under insecure conditions, to protect all your communications, use the “INTL-DUKE” group in AnyConnect, rather than “default,” which only protects traffic to and from Duke.
Use Duo as a second factor
This system provides a second check - beyond a password - for accessing Duke online resources. The second factor involves either a special code you enter when logging in, or your responding on a phone or app. You can sign up for MFA here: http://oit.duke.edu/mfa . We recommend signing up with your personal and work phone numbers as your first step, then following the instructions to install the smart phone app if you have one. Special USB “keys” can also be purchased that simplify the confirmation step even further. Please don’t hesitate to contact the help desk for assistance. Multiple Duke services now require MFA - and the list will only grow with time.
Don't reuse passwords!
Duke has licensed LastPass Premium for all community members. This is software that lets you put all your passwords in one very safe location and that helps you create and use strong passwords when logging into other websites. Go to OIT’s software website (http://software.duke.edu) and look for “LastPass.” Or use this URL: https://software.duke.edu/node/108 . The help desk can assist with setting up and using LastPass.
Phishing and malware can cost you and the university money
There is no better protection against phishing messages, ransomware, malware and other attacks than your own sense of caution. Think before you click!, because that link, no matter how familiar or trustworthy or important it may seem on first glance, could literally be from anywhere in the world…
Keep sensitive data private
This is especially important for mobile equipment, because any files, messages or other data on the device could end up in someone else’s hands if the device is lost or stolen. All operating systems (Windows, Mac OS, iOS, Android) support encryption. The help desk can assist you in setting up encryption.
Don't let someone get into your mobile device
The IT Security Office is recommending a free system that works on all platforms called Prey (http://preyproject.com ). It allows you to track where a mobile device is, which can be invaluable when it is lost or stolen. Such a system also allows you to remotely wipe the contents and “lock up” a device if you need to. There are other systems available as well, such as Apple’s “Find my iPhone” and “Find my Mac," which are available through your Apple iCloud account, and Google's Account services. If you have access to your Duke Office 365 email on a smart phone or tablet, Outlook on the Web (https://mail.duke.edu) can be used to remotely wipe email contents or, under circumstances, your entire device. Contact the help desk if you have questions.
Start over when you get back
Here is our recommended strategy for when you travel to countries where security may be at risk: a) take only the devices that you really need; b) back up your entire hard drive or storage before you go; c) when you return, wipe your entire drive or storage, and restore from the backup; d) change any password that you entered into the device during your travels. Academic Technologies can provide advice on each of these steps. Also, we have some loaner laptops available to faculty members for borrowing for travel, available on a first-come, first-served basis. Please also see OIT's Global IT site for more advice about international travel.