Minimum Security Responsibilities
Home > Best Practices & Standards > Minimum Security Responsibilities
Minimum Security Responsibilities
Computers and Mobile Devices
These are the minimum security requirements that must be followed when using a device to connect to Harvard’s resources or doing work for the University.
Require a password or similar control for device access
Require a form of authentication, like a pin, password, or thumbprint, to unlock your device.
Apply security updates
Security patches keep your device protected against the latest exploits. Updates should be configured to download automatically.
Install and configure security software
Anti-virus or anti-malware software prevents malicious code from running on the protected system.
Encrypt device storage
When a device’s storage is encrypted, a stolen device will not necessarily mean stolen data.
Configure devices to lock when not in use
Devices should require re-authentication after a period of inactivity.
Discontinue use of end-of-life products
If a product is no longer supported by its manufacturer, it should be replaced, upgraded, or removed.
Backup data securely
Keep backups of Harvard data on approved storage services or encrypted removable storage.