10 Security Best Practice Guidelines

1. Software

Only install applications, plug-ins, and add-ins that are required.
Every time you install something you are also installing all of that software’s vulnerabilities. Be mindful of what you install and which vendors you are selecting software from. Sticking to only required software from well-known sources is an easy way to reduce risks.


2. Updates and Patches

After installing, update!

Failing to install updates and patches can leave the door open for malware to infect your device. Most major developers are very responsive with security updates and patches and work hard to get them out very quickly to fix exposed vulnerabilities. Make use of their efforts; update your device OS as well as any applications or add-ins you have installed. Turning on automatic updates is recommended.

If you are Faculty or Staff, ensure that you are a member of our Secure Managed Desktop environment and we’ll take care of it for you!


3. Anti-virus

Install, frequently update, and regularly scan using anti-virus software.

For Staff and Faculty, Anti-Virus software is already part of our Secure Managed Desktop.

For more information on how to protect your personal devices and links to software, visit the U of T Anti-virus page.


4. Passwords

Have a password or PIN set for login to all devices; don’t leave any device password-free.

Choose a strong password for each of your services and devices, and ensure they are all different from one another. Reusing a password for multiple services can cause a single compromise to spill over to all of your accounts. Change your passwords frequently and make sure each one is strong.


5. Encryption

You should encrypt all of your devices.

For the most part, all newer phones and tablets support encryption. If you are going to be transferring any data that is not fully public on portable media such as a USB drive, you should have that device encrypted.

For more information on encryption:


6. Backup

Backing up your data is a sure-fire way to protect yourself from the unexpected.
It’s worth keeping a few months’ worth of backed-up data if you can, and make sure that you can retrieve files easily from whatever backup solution you select. For staff and faculty, if you have any questions regarding backup solutions, please contact the UTM Service Desk for information.


7. Physical Access

Never leave your computer or device unattended and logged in, or in an unsecured area.
Be aware of the state and location of your mobile devices at all times. If you have a mobile device, it’s a good idea to have some method of locating and remotely managing it, such as BlackBerry Protect or the Find My iPhone app. If you are a U of T employee, you have responsibilities to limit physical access to any sensitive data you may work with; please see the U of T Information Security Guidelines for the requirements.


8. Firewalls

Your computer likely comes with a built-in firewall.

When configured properly, firewalls can help to protect your computer. Generally, you will always want your Windows firewall turned on.


9. E-mail and Internet Safety

Beware of phishing emails that request information about you or others you may have had contact with.

It’s best to exercise a high level of caution with any email that seems out of place and only open attachments from parties you are fully confident in. U of T staff will never ask for your password by email. Don’t browse websites that produce browser security alerts, and be mindful of what you download and what sites you visit.

Learn more about how to protect yourself from phishing scams on U of T's Security Matters website.


10. Stay Informed

Make yourself aware of security issues as well as any specific policies that may apply to data in your care as part of your role here at UTM.

If you are UTM staff or faculty, please make yourself familiar with the policies below.

Visit our Policies & Practices page for more information on policies, guidelines, and standards at U of T and UTM.