Information Security for the HMS community
The integrity of our educational and research missions is critically important. Given that most of our daily activities are executed on or enabled by IT systems—from laptops and mobile devices to servers and high-performance computing platforms—threats to those systems endanger our mission.
Confronting these ongoing attacks and their inherent risks will require commitment and action from every member of our community.
Security requirements checklist
These requirements apply to any system that connects to the HMS network or is used to conduct HMS business. These systems include laptops, desktop computers, servers, and grant-purchased hardware and software.
Requirements for all
- Install threat-monitoring software – Install CrowdStrike, which helps Harvard respond quickly to advanced attacks using malware and stolen credentials.
- Install required security software – Install required information security software. This software keeps your system current and protects against viruses and other malware.
- Update your computer’s operating system and software – Immediately install updates that address security vulnerabilities. Apply other updates within 30 days of their release.
If you need any assistance meeting these security requirements, contact your local IT support team.
Requirements for system administrators
- Secure administrative accounts used to manage HMS software or systems – Enable two-factor authentication (2FA) to secure all administrator accounts on the systems you manage.
- Enable 2FA for all users on any HMS software or systems that you manage – Email email@example.com to request a security review of your authentication methods.
- Update your operating systems and apply patches to servers – Immediately install updates that address security vulnerabilities. Apply other updates within 30 days of their release.
- Remove internet access for outdated hardware and software – Block internet access to any system with hardware or software that the manufacturer no longer supports.
- Deploy vulnerability-scanning software – Uncover weaknesses across your systems by deploying CrowdStrike and Tenable® scanning software. Connect to a VPN to download this software, then email firstname.lastname@example.org for assistance in configuring the software for your environment.
Information Security liaisons
Security liaisons identified for each department or lab will coordinate with their local team members and HMS IT support staff to ensure that IT systems and equipment are in full compliance with Harvard University policies and requirements. For more information on the role and responsibilities of a security liaison, visit our liaison website.
- Information security liaison website
- Information security liaisons contact list
- Desktop and mobile security
- Set up two-factor authentication (2FA) through the Duo Mobile app
- Protect yourself from phishing attacks
- Email forwarding: risks and recommendations
- HMS IT security glossary
- Privacy and security in Dropbox Business
- Harvard’s Information Security Policy
Members of the HMS community: check your email inbox for these updates from HMS leadership.
- May 5, 2021 – "Urgent update: information security compliance" from Deans George Q. Daley and Lisa M. Muto.
- March 3, 2021 – "Information Security for the HMS Community," from Deans George Q. Daley and Lisa M. Muto.
- April 21, 2021 – "April update: Information Security for the HMS Community," from HMS Chief Information Officer Deborah Scott and HMS Information Security & IT Compliance Officer, Joe Zurba.