Information Security Tips

To protect your computer from viruses, worms, hacking attempts, and data theft, ITS recommends that you follow the guidelines listed belowHere are ITS’s recommendations for maintaining the security of your USC NetID account and your computing devices.

For additional information on the latest security threats, phishing attempts, and critical software and operating system patches, follow the ITS security blog at

Maintain Secure Passwords

It is important to create secure passwords or passphrases to maintain account security. USC policy requires that you change your password at least once a year.

  • Your USC NetID password must contain 12 or more characters. See see the for more information.
  • Never share or write down any passwords.
  • ITS also suggests that you set up a secondary email address for your USC NetID account so that you may change or reset your password on the USC NetID Account Services website,

Use Two-Factor Authentication (2FA)

Two-factor authentication (2FA) helps keep your accounts secure by providing a secondary means of confirming your identity each time that you log into your accounts.

  • Many accounts have 2FA capabilities: ITS recommends you enable 2FA on any account where it’s available
  • USC faculty with administrative appointments and all USC staff are required to use Duo 2FA to access single-sign on services. ITS encourages all faculty to enroll their USC NetID accounts in Duo. See for information on Duo 2FA.
  • Students can enable 2-step verification on their Google Apps at USC accounts, see for information.

Be Alert for Phishing Scams

Phishing schemes are attempts to steal personal information through fraudulent email that looks legitimate. These email messages often provide links to fraudulent websites where you are asked to disclose credit card numbers, social security numbers, or other private information.

  • Be suspicious of email messages that contain urgent requests for personal financial information.
  • Do not click links in email messages that you suspect are not legitimate. Instead, open a new browser window and type in the URL directly.
  • Do not disclose personal or financial data in email.
  • See for more information on phishing scams and how to avoid them.

Keep Your Software Up-To-Date

Most major software companies release regular updates for their software in response to security threats. Keeping current with updates helps keep the personal information on your devices safe.

Use Antivirus Software

To protect against viruses and malware, antivirus software should be installed on all devices that are connected to the Internet.

  • USC provides free antivirus software (Sophos Endpoint Security) for USC account holders at See for more information on Sophos Endpoint Security.
  • Make sure to regularly update your antivirus software to ensure you are protected against recent threats.

Set Security Codes on Your Devices

Anyone that gains physical access to your desktop, laptop, or mobile device may also access the files, accounts, and personal information stored on it. Setting a security code makes it more difficult for others to access the information on your devices.

  • Security codes can be a password, personal identification number (PIN), biometric identifier (such as a thumbprint), or pattern you enter on your device’s home screen in order to log into it.
  • Consult your computer’s or device’s user manual for information on how to properly set up and use security codes on your computer or device.

Encrypt Your Computing Devices

Use encryption to protect personal information on mobile computing devices such as laptops, tablets, and phones.

  • The Windows, Mac OS X, and iOS operating systems have built-in encryption functions. For more information on using these built-in functions, see

Use USC-Approved Tools for Storage and Backup

The Microsoft Office 365 suite is the only service currently approved for the storage and transferring of USC’s legally regulated or restricted information.

  • For information on the storage services available with Microsoft Office 365, see
  • For information what types of information are legally regulated or restricted at USC, see
  • USC Google Drive accounts and other commercially available document storage services, such as, DropBox, or non-USC OneDrive or Google Drive accounts, are NOT approved for storing or transferring legally protected or high-risk USC information.

Use Virtual Private Networking (VPN)

Whenever you connect to the Internet or another computer on a unsecure network, the personal information stored on your device can be intercepted by hackers.

  • Use USC’s virtual private networking (VPN) software, Cisco AnyConnect, when connecting to open or public wireless networks. For more information on using VPN, see

Getting Help

Forquestions regarding these information security tips and best practices, please contact the ITS Customer Support Center.