Security
Website security refers to the measures taken to protect a website from cyberattacks, data breaches, and other malicious activities. Rutgers OIT goes to great lengths to ensure Rutgers websites are secure, but it is essential for individual users to be aware of security best practices.
Login credentials
Websites should be set up with a Rutgers authentication service such as CAS or Shibboleth. These tools provide two-factor authentication and federated login functionality. Using a federated login to access your website is preferred over using a username/password combination. If using a username/password combination is necessary, ensure your password is long, unique, unobvious, and easy for you to remember.
User roles
User roles are the collection of permissions assigned to website editors. In general, website editors should have the minimum number of permissions needed to do their work effectively. For example, an editor who only adds images to a website likely does not need an administrative role that would allow them to change a website’s menus or footer content.
Work with your web and technical team to define, create, and assign appropriate user roles for your site.
Best practices
- SSL/TLS Certificates: Install an SSL/TLS certificate so that communication between your website and its visitors is encrypted. This protects data in transit, including sensitive information like login credentials and credit card details.
  - Avoid “http.” Seek “https.”
- Strong Passwords and Management: Enforce strong password policies for all website accounts (admin, user accounts, etc.). Avoid password reuse and consider a password manager to generate and store unique passwords securely.
- Software Updates: Always keep your website’s core software, plugins, and themes up to date. Updates often include security patches that address vulnerabilities exploited by attackers.
- Secure Web Hosting: Choose a reputable web hosting provider with robust security features like firewalls, intrusion detection, and regular backups. Reliable backups allow recovery in case of attacks or data loss.
  - Rutgers recommends hosting websites on the enterprise Pantheon account to ensure security and promote streamlined hosting profiles. Learn more about hosting on Pantheon.
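The HTTPS guidance in the first two bullets can be turned into a repeatable check. The Python below is an added example written for this page, not Rutgers OIT or Pantheon tooling. It evaluates recorded HTTP responses against two rules: a plain-HTTP request must redirect to an https URL, and an HTTPS response should carry a Strict-Transport-Security (HSTS) header, which the page itself does not mention but which is the standard way to keep browsers from falling back to http. The sample responses are constructed, and the one-year HSTS threshold is a common recommendation assumed here, not a Rutgers requirement.

```python
"""Check recorded HTTP responses against the HTTPS-only guidance:
plain-HTTP requests must redirect to HTTPS, and HTTPS responses should
carry a Strict-Transport-Security (HSTS) header.

Added example for this page, not Rutgers OIT or Pantheon tooling.
The response records below are constructed, not captured from any site.
"""
from urllib.parse import urlsplit

# One year in seconds; a commonly recommended minimum HSTS max-age (assumption).
MIN_HSTS_MAX_AGE = 31536000


def parse_hsts(value):
    """Return the max-age from a Strict-Transport-Security header value,
    or None if the header is missing or has no usable max-age directive."""
    if not value:
        return None
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip().isdigit():
            return int(arg.strip())
    return None


def check_response(url, status, headers):
    """Evaluate one response against the HTTPS guidance.

    url     - the URL that was requested (its scheme decides which rule applies)
    status  - HTTP status code of the response
    headers - dict of response headers; names are matched case-insensitively
    Returns a list of finding strings; an empty list means no problems found.
    """
    findings = []
    hdrs = {name.lower(): value for name, value in headers.items()}
    requested = urlsplit(url)

    if requested.scheme == "http":
        # Rule 1: plain HTTP must redirect, and the target must be https.
        location = hdrs.get("location")
        if status in (301, 302, 307, 308) and location:
            if urlsplit(location).scheme != "https":
                findings.append("redirect target is not HTTPS: %s" % location)
        else:
            findings.append("served over plain HTTP without redirecting to HTTPS")
        return findings

    # Rule 2: HTTPS responses should set HSTS with a sufficiently long max-age.
    max_age = parse_hsts(hdrs.get("strict-transport-security"))
    if max_age is None:
        findings.append("no Strict-Transport-Security header on HTTPS response")
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age %d is below one year" % max_age)
    return findings


# Constructed sample responses (not real captures): one good and one bad
# case for each rule.
SAMPLES = [
    ("http://www.example.edu/", 301,
     {"Location": "https://www.example.edu/"}),
    ("http://www.example.edu/login", 200,
     {"Content-Type": "text/html"}),
    ("https://www.example.edu/", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https://www.example.edu/admin", 200,
     {"Content-Type": "text/html"}),
]


def audit(samples=SAMPLES):
    """Run check_response over each sample; return {url: findings}."""
    return {url: check_response(url, status, headers)
            for url, status, headers in samples}


if __name__ == "__main__":
    for url, findings in audit().items():
        print(url, "OK" if not findings else "; ".join(findings))
```

In practice the records would come from fetching each page of the site with a client that does not follow redirects, so the first hop's status and Location header are visible; the check itself stays the same.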