Zuckerman Institute Research Computing: Computer and Data Security

Protect Your Research Data!

1. Keep an Offline Backup of Your Active Data. Archive data that is no longer actively used.

Create a backup of data, and make sure that backup is not connected to your computer. Contact us at support@zi.columbia.edu to discuss options for selecting the best backup option for your file servers, desktops and laptops.

Archiving old data not only removes it out of reach of hackers, but also frees up space on the primary storage and speeds up backups of your primary data.

Replication (syncing) solutions do not protect against ransomware. Ransomware is a type of malicious software that perpetually blocks access to data unless a ransom is paid. If your data gets encrypted, syncing will replicate the encryption across to the destination device. Tape backup is the only data protection technology that protects your data against ransomware.

2. Be aware: There are No Firewalls for Columbia's Manhattanville and Morningside campus network

The Jerome L. Greene Science Center (JLGSC) network is part of Columbia's Manhattanville/Morningside (aka downtown) campus network. The campus network here is configured differently than at CUMC. In general, when you plug your computer with an Ethernet cable into a network jack in the wall (Columbia's wired network), your computer will be assigned a public IP address. Public IP addresses are visible and reachable by the entire world.

3. Use the Wired Network or, if Using Wi-Fi, Use Columbia's Secure Wi-Fi Network

If using a wireless network (Wi-Fi), use the network called "Columbia U Secure". It requires UNI authentication and is encrypted. The "Columbia University" network is wide open and anyone can connect to it.

Instructions on how to connect to the "Columbia U Secure" network: CUIT Wireless Network (and then see "Secure Wireless" section).

4. Install Anti-Malware/Anti-Virus Software

The Institute provides free access to anti-malware called Malwarebytes for MacOS and Windows. Contact support@zi.columbia.edu for details.

(Another solution is Avira free antivirus software.  You can also purchase a premium version.)

5. Install All Security Updates

Install all security updates (patches) for your computer. Do not wait. When your operating system and application software releases new security updates, install them immediately.

6. Use Strong Passwords That are Hard to Guess

Don't store passwords in an Excel sheet or a web browser, instead use a password manager like KeePass (Windows), KeePassX (Mac/Linux) or other.

7. Disable Remote Assistance, Remote Desktop, Secure Shell (SSH), VNC

...and any other remote access if you do not need to manage your computer remotely. If you really need to manage your computer remotely, do the following:

1) If your computer has a public IP address, you should firewall it, connect to the Columbia University VPN, and then use the remote desktop to connect to your computer.

2) If your computer has a private IP, it is already unreachable from the Internet. You can connect to the Columbia University VPN and then use the remote desktop to connect to your computer.

8. Consider Switching Your Computer from Public to a Private or Controlled IP Address

The Zuckerman Institute in JLGSC has private or controlled IP addresses available for use. Computers using these options cannot be seen or accessed from outside of the University network.

They can still be accessed through the Virtual Private Network (VPN) connection.

To request a private or controlled IP address for your computer please send email to support@zi.columbia.edu.

9. Configure a Firewall on All Devices

Most computers, NAS devices and printers have a firewall that can be configured to protect the device. If your computer/NAS/printer is using a public IP address you should configure it with a firewall.

10. Create Separate System Accounts for Users and Do Not Share Logins

If you must share an account on a computer, for example on an instrument PC, then after you are done using the computer, disconnect your Engram network storage shares and log out from the computer.

Also see CUIT's Security and Privacy page.