Work Smart: Securing Your Computer
Get Started
About Securing Your Computer
Every domain-connected computer is a gateway to the corporate network.
Therefore, you must guard it against intruders trying to gain unauthorized
access to resources and intellectual property. “Securing Your Computer”
provides several best practices that will help you protect your computer
from potential threats.
Topics in this guide include:
• Use passwords for security
• Use Microsoft® Forefront™ Endpoint Protection
• Set a password for your screen saver
• Lock your computer
• Encrypt files on your computer with Windows BitLocker™ Drive
  Encryption or Encrypting File System (EFS)
• Store data securely
• Install from trusted sources
• Digitally sign and encrypt e-mail
Customization note: This document contains guidance and/or step-by-step
installation instructions that can be reused, customized, or deleted entirely if
they do not apply to your organization’s environment or installation
scenarios. The text marked in red indicates either customization guidance or
organization-specific variables. All of the red text in this document should
either be deleted or replaced prior to distribution.

Adhere to Security Standards, Always
Follow the policy standards set by <<insert organization’s information
security group name>>, regardless of whether you are a full-time employee,
an intern, or a remote worker who connects to the <<organization’s name>>
network.
The <<insert organization’s “general use” policy name>> details the policies
that apply to anyone who has access to the corporate network, and specifies
the standards you must follow for your network accounts and passwords,
building and network access, and usage of computing devices and
applications, and other areas.
The general use standards specify how to appropriately use and secure
computing devices such as desktops, portable computers, mobile devices,
printers, faxes, and any other device by which you can connect to the
corporate network and access data. You always should adhere to these
standards.
The <<insert organization’s information security group name>> regularly
monitors the corporate network and connected users to ensure they are
complying with policy. If you violate information security standards, you may
face disciplinary action, up to and including immediate termination of
employment or assignment, and you may be subject to civil and/or criminal
liability.
For detailed information on <<organization’s name>> information security
standards and general use standards, see:
• <<Insert links to related your organization’s Information Security
  standards and policies>>
More Work Smart Content: http://microsoft.com/itshowcase
This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.
Install Updates Regularly
Keep your software up-to-date at home and at the office. Use automatic
updates to ensure you always have the latest software, updates, and virus
protection. To turn on automatic updates manually:
1. Click Start, click All Programs, and then click Windows Update.
2. Click Change Settings on the Windows Update page.
3. Make sure that Install Updates automatically is selected.

Use Passwords for Security
Select strong, hard-to-hack passwords, which act as your computer’s first line
of defense for protecting your data and intellectual property, and the
organization’s network.
When you create and use passwords, follow these best practices:
• Choose “strong” passwords that are at least eight characters long,
  and which include a mix of the following: uppercase and lowercase
  letters, numbers (0 through 9), and symbols (~!@#$).
• Do not use words or names in passwords.
  Do not create passwords from words in any language, slang, dialect,
  or jargon; personal, family, or pet names; or titles of items, such as
  the name of a book, song, or movie.
• Do not use passwords from other accounts.
  Each of your accounts should have a unique password.
• Do not sequence your passwords.
  Do not add a number or letter to a previous password to create a
  new one. For example, do not change LP4Rf7W! to LP4Rf7W!2.
• Do not select the Save this password in your password list check
  box when you are prompted.
• Disable the Save password option in Dial-Up Networking, if you are
  working on a laptop or remote computer.
• Create passwords that you can remember easily. One way to do this
  is to create a password based on a song title, affirmation, or other
  phrase, by using the first letter of each word in that phrase.
  For example, the phrase might be This May Be One Way To
  Remember. Your password could be TmB1w2R! or Tmb1W>r~.
• Never provide your account password to anyone, including the
  Helpdesk or your administrative assistant.
Customization note: The above bullets represent some password creation
best practices; this list should be updated based on the best practices
defined by your organization.
Passwords always must comply with the <<organization’s name>> password
standards. For more information, see <<insert password standards URL>>.
Warning
• Do not use the passwords that were examples in this section as your
  passwords.
• <<organization’s name>> holds users accountable for actions that
  result from unauthorized network connections with their credentials.

Use Microsoft Forefront
If your devices attach to the corporate network, then you must have
Microsoft Forefront Endpoint Protection (FEP) installed and enabled. FEP is an
enterprise application that detects not only viruses, but also all malicious
code and software: spyware, adware, worms, Trojan horses, robots (bots),
Remote Access Trojans (RATs), vandalware, and rootkits.
After Forefront is installed and running on your system, FEP definitions
update automatically from Windows Server Update Services (WSUS),
Windows Update, and Microsoft Update.

Is Forefront Running Correctly?
To determine whether FEP is running correctly:
1. In Control Panel, open Security Center.
• The Microsoft Forefront Client Security window appears.
• Antimalware protection should be On, and there should be a
  green icon in the notification area. This indicates that FEP is
  working correctly.
2. Double-click the icon, and the Microsoft Forefront Endpoint Protection
   window appears.
• If FEP is running correctly, then the system tray icon, and the check
  marks under Malware protection and Windows Firewall, should be
  green.
• If FEP encounters an issue, the system tray icon will be red,
  and there will be information under Malware protection that
  indicates the issue.

Set a Password for Your Screen Saver
Use a password to help secure your screen saver, which is the utility that
causes your computer screen to go blank or show a preconfigured image
when the computer is idle for a specific time.
MSIT recommends that you use your Windows password in combination with
your screen saver to prevent unauthorized access to your computer and the
corporate network when you are not working on it.
By default, your screen saver starts to run after your computer is idle for 15
minutes. To change how long your computer or mouse is idle before
the screen saver opens:
1. Click Start, click Control Panel, and then click Appearance and
   Personalization.
2. Click Change screen saver, and then set the time delay that you
   prefer.
For more information about how to establish a password, see “Use Passwords
for Security” previously in this document.
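To check these settings from a script rather than the Control Panel, the following added example (not part of the original guide) reads the current user's screen saver values from the registry and reports anything weaker than a password-protected screen saver with a 15-minute idle limit. It assumes the standard Control Panel\Desktop value names and that a Group Policy value, when present, takes precedence over the user's own setting.

```powershell
# Added example: audit the current user's screen saver lock settings.
# Assumption: values live under the standard "Control Panel\Desktop" keys and
# a Group Policy value, when present, overrides the user's own setting.
$MaxIdleSeconds = 900   # the 15-minute default described in this guide

$Keys = @(
    'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',  # policy
    'HKCU:\Control Panel\Desktop'                                       # user
)

function Get-ScreenSaverValue {
    param([string]$Name)
    foreach ($key in $Keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$Name]) {
            return $props.PSObject.Properties[$Name].Value
        }
    }
    return $null   # value is not set in either key
}

function Test-ScreenSaverLock {
    $findings = @()
    $timeout  = 0
    $raw      = Get-ScreenSaverValue 'ScreenSaveTimeOut'

    if ((Get-ScreenSaverValue 'ScreenSaveActive') -ne '1') {
        $findings += 'Screen saver is turned off.'
    }
    if (-not (Get-ScreenSaverValue 'SCRNSAVE.EXE')) {
        $findings += 'No screen saver is selected.'
    }
    if ((Get-ScreenSaverValue 'ScreenSaverIsSecure') -ne '1') {
        $findings += 'No password is required when the screen saver exits.'
    }
    if (-not ([int]::TryParse([string]$raw, [ref]$timeout)) -or $timeout -le 0) {
        $findings += 'No idle timeout is set.'
    } elseif ($timeout -gt $MaxIdleSeconds) {
        $findings += "Idle timeout is $timeout seconds (limit $MaxIdleSeconds)."
    }

    New-Object PSObject -Property @{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-ScreenSaverLock | Format-List
```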
Lock Your Computer
Lock your computer when you are not using it. This enables you to leave
programs open and running, but protects the corporate network and
resources from unauthorized access.
When you are stepping away from your computer:
• Press the Windows logo key+L
--OR--
• Press CTRL+ALT+DELETE, and then click Lock Computer on the
  Windows Security dialog box. This locks your computer.
When you want to unlock your computer, move the mouse or press the
space bar on your computer, and the Unlock Computer dialog box appears.
Enter your username and password, and then click OK.
Encrypt Files on Your Computer
Encrypt files on your computer to prevent unauthorized access. There are two
ways to encrypt data on your computer. You can use BitLocker Drive
Encryption or Encrypting File System (EFS).

Using BitLocker
BitLocker protects data on your computer by preventing unauthorized access
to the hard disk drive. It allows access to your protected hard-disk data only
after you log on to computers running Windows Vista® or newer.
Additionally, BitLocker To Go™, which is available in Microsoft Windows 7
only, prevents unauthorized data access on your portable storage devices,
including a universal serial bus (USB) flash drive.
For detailed information about how to use BitLocker, refer to the following:
• “Protect Your Data with BitLocker”: This Work Smart Guide provides
  detailed instructions about how to enable and use BitLocker. Located
  at <<Insert link or file location for “Protect Your Data with BitLocker”:
  Work Smart guide>>.

Using EFS
If your computer is not BitLocker-compatible, then use EFS. It encrypts your
files and folders by using a certificate that <<organization’s name>> issues
when you join your computer to the corporate domain. EFS requires other
people to enter the appropriate decryption key before they can access your
encrypted content.
It is recommended that you dedicate a folder on your operating system in
which you want to encrypt content. When you encrypt the folder, EFS
prompts you to encrypt its files and subfolders.
To encrypt a folder:
1. Navigate to, and right-click, the folder that you want to encrypt, and
   then click Properties.
2. On the General tab, click Advanced.
3. In the Advanced Attributes dialog box, select Encrypt contents to
   secure data.
4. At the prompt window, select the option to encrypt all files and
   subfolders within the folder.
Important
• It is recommended that you do not encrypt your My Documents
  folder.
• If you move, copy, or save a file to an encrypted folder, the file
  becomes encrypted.
• If you move, copy, or save an encrypted file to a location that is not
  on your hard disk, the file becomes decrypted.
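To confirm that the folder you encrypted, and any place you later copied files to, still holds encrypted content, the following added example (not part of the original guide) lists every file and subfolder that lacks the Encrypted attribute. The function name and the default folder path are hypothetical placeholders; pass your own dedicated folder or a copy destination.

```powershell
# Added example: list items under one or more folders that are NOT
# EFS-encrypted. The default path is a hypothetical placeholder for the
# dedicated folder described above.
function Get-UnencryptedItem {
    param(
        [string[]]$Folder = @((Join-Path $env:USERPROFILE 'Encrypted'))
    )

    $flag = [System.IO.FileAttributes]::Encrypted

    foreach ($path in $Folder) {
        # Stop early if the folder does not exist, instead of reporting "clean".
        $root  = Get-Item -LiteralPath $path -Force -ErrorAction Stop

        # Check the folder itself plus everything beneath it, hidden items too.
        $items = @($root) +
                 @(Get-ChildItem -LiteralPath $root.FullName -Recurse -Force)

        # Keep only the items whose attributes lack the Encrypted flag.
        $items |
            Where-Object { -not ($_.Attributes -band $flag) } |
            Select-Object FullName, Attributes
    }
}

$open = @(Get-UnencryptedItem)
if ($open.Count -eq 0) {
    'Every file and subfolder carries the Encrypted attribute.'
} else {
    "$($open.Count) item(s) are not encrypted:"
    $open | Format-Table -AutoSize
}
```

Running it against a copy destination, such as a USB flash drive, shows which copied files are no longer encrypted.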
Store Data Securely
Store your data on a Windows SharePoint® site or by using IntelliMirror®
Redirection Services, which provides a secure backup that MSIT manages.

Using SharePoint
If you plan to store sensitive data on SharePoint, a business collaboration
platform that enables you to work with other people across the globe, then
you should become familiar with the <<organization’s Information
Classification requirements>>, which provides guidelines for working with
<<High Business Impact (HBI) or your organization’s equivalent>>
information and Personally Identifiable Information (PII). It also mandates
how to manage access to your SharePoint sites.
The <<HBI classification or your organization’s equivalent>> applies to any
information assets that, if disclosed without authorization, could cause severe
or catastrophic material loss to <<organization>>, the information asset
owner, or relying parties.
You must control access to your <<HBI or your organization’s equivalent>>
assets, and limit disclosure to a need-to-know basis only. This information
also is subject to the <<organization’s corporate privacy policy>>, which you
can find at <<URL>>.
Sensitive PII can include government identification, such as social security
and driver’s license numbers, and credit and medical information. There may
be legal requirements for this data’s storage, transmission, and protection.
Contact your <<organization’s legal group>> representative for specific
guidance.

Install from Trusted Sources
Do not install programs from the Internet unless you are familiar with the
source. This includes freeware and shareware, which carry a high risk of
containing malicious code. If you install software from sources that you do
not know, you are compromising your computer and other computers on the
corporate network.
Do not assume that an application or software is safe just because an internal
Web site contains a link to it.

Digitally Sign and Encrypt E-Mail
Secure/Multipurpose Internet Mail Extensions (S/MIME) enable you to
encrypt and digitally sign your e-mail messages so only people that you
specify can access them. Encrypting your messages converts the data into
ciphertext, and recipients cannot access them unless they have a private key
that matches the public key that you use for encryption.
When you sign a message digitally, S/MIME applies an authorized certificate
to it that validates that the message is from you, and that it is unaltered.
If you send or receive encrypted messages within <<organization name>>,
you do not have to take additional steps to access a message’s encrypted
content or to enable intended internal recipients to access your encrypted
messages.
However, if you are sending encrypted e-mail to, or receiving it from, people
outside the organization, you have to exchange certificates and keys first.
For more information, see <<URL>>.
For More Information

Welcome to Microsoft Update
http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us