The integrity of our educational and research missions is critically important. Given that most of our daily activities are executed on or enabled by IT systems—from laptops and mobile devices to servers and high-performance computing platforms—threats to those systems endanger our mission.

Confronting these ongoing attacks and their inherent risks will require every member of our community's commitment and action. These requirements apply to any computer owned by HMS or purchased using grant funding, including laptops, desktop computers, servers, and software.

Security requirements

  • Requirements for all

    Install security software and stay up-to-date
    Install software Update your OS

    This software and these updates must be applied to any computer owned by HMS or purchased using grant funding. These systems include laptops, desktop computers, and software. These requirements and two-factor authentication (2FA) help protect your data.

    None of this software tracks or reports the data stored on your computer.

    The requirements include:

    • Systems management software (SMS) – Install systems management software (SMS) to enable HMS IT to update your system with the latest security patches and virus definitions. After you install SMS, the threat-monitoring software CrowdStrike and hardware inventory software will be automatically installed.  
    • Threat-monitoring and antivirus software – Install CrowdStrike, which provides antivirus protection and helps Harvard respond quickly to advanced attacks using malware and stolen credentials. After you install SMS, CrowdStrike will be automatically installed. Those not eligible for SMS can install Avast for macOS or use the built-in Microsoft Defender Antivirus for Windows computers.
    • Updates to your computer's operating system and software – Immediately install updates that address security vulnerabilities. Apply other updates within 30 days of their release. To check if your system is up-to-date, review the HMS-supported operating systems.

  • Requirements for system administrators

    Ensure your systems are compliant
    Add 2FA Apply patches
    • Secure administrative accounts used to manage HMS software or systems – Enable two-factor authentication (2FA) to secure all administrator accounts on the systems you manage.
    • Enable 2FA for all users on any HMS software or systems you manage – Email iso@hms.harvard.edu to request a security review of your authentication methods.
    • Update your operating systems and apply patches to servers – Immediately install updates that address security vulnerabilities. Apply other updates within 30 days of their release.
    • Remove internet access for outdated hardware and software – Block internet access to any system with hardware or software that the manufacturer no longer supports.
    • Deploy vulnerability-scanning software – Uncover weaknesses across your systems by deploying CrowdStrike and Tenable® scanning software. Connect to a VPN to download this software, then email iso@hms.harvard.edu for assistance configuring the software for your environment.

Security services

Report a security incident

Get expert support in response to a security incident

Request a security review

Request an assessment of systems and vendors

Report phishing emails

Notify us if you’ve receive suspicious email messages

Stay protected

Network access

Security software

Featured resources

Guidance

Secure your devices

Follow these guidelines to keep your information secure

Connect to VPN

Connect to campus resources through a secure VPN

Information

Security policy

Learn about the HMS policy on cybersecurity

Collaboration tools

See which tools to use based on the info you're sharing

Additional resources

Security practices

Harvard IT security resources