Personal Device Security Guide

Woman holding smartphone and using laptop on table with glasses and coffee cup

Follow the below tips for protecting personal devices and accounts.

Install anti-virus software

Research shows that home office networks are 3.5 times more likely than corporate networks to be infected by malware. Duke recommends using:

Windows: Windows Defender Antivirus
Mac: Apples’s built in hardware and software security

Run an up-to-date operating system

Manufacturers eventually stop providing updates, including security patches, to their older operating systems (OSs). Without security updates, unsupported OSs become targets for attackers and other software, including anti-virus software, may not work as effectively. Be proactive by upgrading to an up-to-date OS before it goes out of support.

You can track end of support dates for OSs at https://endoflife.date

Devices running unsupported OSs will be quarantined from the Duke University network, see Endpoint Device Security and Quarantining Practices.

Patch your system

Patching your computer is one of the most important ways to protect yourself online.

Windows: Turn on Windows Update and set it to download and install patches automatically.
Mac: For Mac OS, patches are installed via the System Settings under General → Software Update. You can also configure your device to install macOS updates automatically.

Patch your applications

In addition to patching your OS, regularly check for updates to applications like browsers (Chrome, Edge, Firefox, and Safari). Attackers can use vulnerabilities in browsers, and popular browser plugins like Adobe Flash and Java to take over your computer. There are programs out there that will automatically check for updates on your programs and applications.

Windows: Activate Microsoft Updates so that Office and other Microsoft updates are being applied. The Security Offices recommend Patch My PC Updater for your at-home Windows computers (you cannot use it on a Duke-owned device).
Mac: The Security Offices recommend Mac Update Desktop for Mac users.

BE CAREFUL WITH APPS

Download apps from trusted vendors and sources like the Google Play store or Apple App store and pay attention to what permissions you are granting. Use Exodus to understand Android app tracking concerns.

LOCK IT DOWN with 1Password

With so many breaches occurring, it's important to have different and long passwords for each account/site to avoid password reuse. See the Secure Access Guide for recommendations on passwords and password management tools i.e. 1Password.

Use multi-factor authentication

Multi-factor authentication (MFA), also referred to as advanced or two-factor authentication (2FA), provides an additional layer of security making it harder for unauthorized users to access your devices and accounts.

Duke provides several services and tools including 1Password (password manager) and Duke Unlock (passwordless authentication to Duke services) to ensure the security and integrity of accounts.

The Duke Security Offices recommend applying the same approach for personal accounts like Google, Facebook, Dropbox, Twitter, Instagram, Apple, Microsoft, and various financial and health services.

Enable Device tracking

Enable the ability to track and locate your personal devices, in case they are lost or stolen.

Apple: Set up Find My for all your Apple devices.
Microsoft: Set up Find my device for any Windows device, such as a PC, laptop, Surface or Surface Pen. This requires use of a Microsoft personal account.
Android: Google Find My Device requires installation of the Find My Device app or use of the browser Find My Device.

Prey, is an open source anti-theft solution available for multiple platforms on various devices, that provides certain options should your device get stolen. . Users can use the service for free for one device or pay to cover multiple devices.

Limit Access

Set up different accounts for family members on shared computers. Microsoft and Apple make it easy to set up different accounts on the shared computer.

To prevent unauthorized access, use a password-protected screensaver that starts after a period of inactivity.

Windows: Add or remove accounts; Change your screen saver

Mac: Set up users, guests, and groups; Use a screen saver

Use the Duke Virtual Private Network

Use the Duke's VPN when accessing services remotely, especially when traveling. Remember that public Wi-Fi networks (airport, hotel, and coffee shop) are not secure.

Encrypt your devices

Visit our whole disk encryption page for suggestions to help encrypt personal machines.

Best Practices for use in research

Visit our best practices for use in research page for comprehensive guidelines on how to appropriately prepare your personal device for research use.

Reminder: Protect Duke Data & Proper Disposal

Ensure sensitive data is stored in Duke services that meet the security requirements. Refer to Duke Services and Data Classification for options.

Ensure media containing sensitive data is properly disposed following the Media Control and Disposal Policy.