Protect yourself and the HMS community

Follow these guidelines to stay safe from malicious attacks

These recommendations supplement the security requirements listed on the main information security page. Follow these guidelines for additional protection against malicious attacks:

  • Keep your software updated

    Get the latest updates as soon as possible

    Don't use outdated operating systems and apps. Outdated software is not secure because it no longer receives security updates.

    Turn on automatic updates to your operating system and software. If you are prompted to update your system or apps, accept the update. Regularly check for updates when automatic updates aren’t available.

  • Use only trusted applications

    Avoid malicious or insecure software

    Use well-known apps that you acquired legitimately. Avoid offers for deeply discounted software from unfamiliar sites. Don't download pirated software or other media; hackers often attach malicious software to pirated content.

    When working with sensitive HMS data, use only HMS-approved tools.

  • Browse the web safely

    Don't visit unfamiliar sites and limit cookies


    Only visit reputable sites. Be wary of unfamiliar domain names, especially if they ask for sensitive information or ask you to download something.

    Use a reputable browser. Only use web browsers that are well-known and updated regularly, like Chrome, Safari, Edge, and Firefox.

    Clear your cookies and history often. Don't accept third-party cookies. Cookies can slow down your browser and store personal information that could compromise your security. 


  • Separate work and personal data

    Use separate accounts and computers


    Use separate hardware for work and personal use. Don’t store HMS data on personal devices.

    Use separate accounts for work and personal use. Use different email clients and email browsers for work and personal use. Use separate accounts for file-sharing services like Dropbox or OneDrive. Don't store HMS data on personal accounts.


  • Secure your mobile devices

    Use encryption, avoid jailbreaking, and use official app stores

    Encrypt your devices. iOS devices are encrypted if you authenticate with a PIN, Touch ID, Face ID, or another method. Encryption on Android devices varies by manufacturer. Check your manual or search for official instructions on how to enable encryption on your device.

    Set your device to erase automatically after several unsuccessful sign-in attempts.

    Don't jailbreak or root your device. Jailbreaking or rooting makes the device less secure and more susceptible to malicious software.

    Only purchase apps from reputable vendors. Don't download apps from unfamiliar websites. Use the official app stores.

    Assume security guidelines for desktops and laptops also apply to your mobile devices.

  • Use strong passwords and 2FA

    Use a password manager and change your passwords yearly

    Always set a strong password. Use a password manager so that you don’t need to memorize every password. That way, you can easily use a long, randomly generated password that includes uppercase and lowercase letters, numbers, and symbols. Don’t reuse passwords. Don’t share your password.

    A strong password has 10 characters or more, with a mix of uppercase and lowercase letters, numbers, and special characters. The password should not contain dictionary words. Common words, such as "password" or "Harvard", should never be used in a password.

    Enable two-factor authentication (2FA) wherever possible. Check the account security settings in your software or service to activate 2FA if it is available.

    Change your passwords regularly. Harvard Medical School systems require you to change your passwords after a year of use.


  • Encrypt your data

    Encrypt all computers and devices to protect your data

    Use encryption. Encryption is one of the best ways to mitigate the risk of stolen data.

    The Harvard Information Security Policy requires that you encrypt all laptops or other mobile devices used to store Harvard confidential information. HMS IT strongly recommends that all devices be encrypted, regardless of the data stored or processed on them.

    Enable encryption everywhere that it is possible to do so.

  • Back up your data

    Use CrashPlan to safeguard your information

    Back up your data. Regularly scheduled backups are the best way to protect your data from unexpected loss, ransomware, and other risks. HMS provides backup software that you should install on any computer storing HMS data.

  • Dispose of hardware securely

    Wipe hard drives before recycling hardware

    If computer equipment designated for recycling contains data, contact your local Client Services Representative so they can erase the hard drive for secure disposal.

    For more information, read about computer and hard drive disposal at HMS.