Now that you know your risk level, it’s time to implement appropriate tasks to protect your data. Work with your departmental IT support resource or IS&T to undertake reasonable steps to complete these tasks. If implementing a particular task prevents you from completing your work, contact security@mit.edu—it may be acceptable to mitigate the risk using other methods. Some of the tasks might not be applicable to your situation. You may filter the list to show tasks applicable to your role – User, Data Owner, or System Administrator. If you are handling regulated information or have signed a data use agreement there may be some tasks that are absolutely required.
Your current IT support may already have many of these tasks implemented as part of their service. You can also contact the Service Desk for assistance with securing information.
| Task | Applies to | Service or Tool | |
|---|---|---|---|
| Enable your operating system's firewall. | Learn how |
| Task | Applies to | Service or Tool | |
|---|---|---|---|
| Use vendor supported applications and operating systems. | Learn how | ||
| Configure automatic download and application of software and operating system updates. | Learn how | ||
| Stay informed of available patches for your operating system and applications. | Learn how | ||
| Where applicable, use endpoint management tools to ensure the tasks for this level are completed on your devices. | Learn how |
| Task | Applies to | Service or Tool | |
|---|---|---|---|
| Promptly report actual or suspected compromise, including loss, theft, improper use, modification of, or access to information to security@mit.edu. | Learn how | ||
| Review your systems and procedures regularly to ensure the tasks for this risk level are applied. | Learn how |
| Task | Applies to | Service or Tool | |
|---|---|---|---|
| Create a unique, non-privileged, account for each user. Assign a different password for user and administrative accounts. | Learn how | ||
| Use strong passwords. Change authentication keys e.g., password, certificate, regularly – at least annually. | Learn how | ||
| Do not reuse passwords for multiple services. Do not use your Kerberos password for non-Kerberos enabled systems. | Learn how | ||
| Change passwords immediately if a compromise is suspected. | Learn how | ||
| Store and transmit only encrypted passwords. | Learn how | ||
| Change default or vendor-supplied passwords and remove default accounts. | Learn how |
| Task | Applies to | Service or Tool | |
|---|---|---|---|
| Install malware protection applications, if available for the platform. | Learn how | ||
| Set up and perform regular backups. | Learn how | ||
| Enable whole disk encryption on portable devices. | Learn how |
