University of
ConnecticutLock your computer whenever you are not using it.
You can't be sure who is using your computer when you get up from it. You should always lock it when not in use. Even if you plan to be close to your computer when you get up from your desk.
On Windows you can lock your computer by pressing Ctrl+Alt+Del and choosing Lock Computer. You may also press the Windows logo key +L in order to quickly lock your screen.
On Macintosh launch /Applications/Utilities/Keychain Access.app. Select Preferences from the Keychain Access menu and select the Show Status in Menu Bar check box and close Preferences. A padlock icon will appear in the menu bar with options to lock the screen and/or your keychain. You can use the Lock Screen option to lock your screen immediately before you step away from your computer.
10/2/2008:
Use a strong passphrase that cannot be easily guessed and never give the passphrase to anyone.
A passphrase is a series of words used as a computer password. Never write down your passphrase. Never give it to anyone.
Passphrases can be combination of words, acronyms, phrases or quotations which are used to identify you to a computer. It can be a combination of quotations from your favorite books or songs, a childhood phrase, or anything that is meaningful to you.
Tip: Need help creating a passphrase? Try this site: http://en.wikipedia.org/wiki/Passphrase
10/3/2008:
Set your computer's Screen Saver to require a passphrase when the computer resumes.
A passphrase is a series of words used as a computer password. Your computer is not safe just because the screensaver is active. Requiring a password when the screensaver stops is the equivalent of requiring a password when the computer boots up.
On Windows, click on the Start button and select Control Panel. In the Control Panel window, double-click on the Display icon. Click the On resume, password protect checkbox.
On a Macintosh, go to your Apple menu, and select System Preferences. In your system preferences pane, click on Security from the Personal row and check Require password to wake this computer from sleep or screen saver.
10/4/2008:
Do not have your computer or web browser store password/passphrases for critical systems.
Although this may be convenient, this poses a security risk for your computer and data.
Think about the systems you have access to log into. Gaining access to those stored passwords may provide an attacker with access to many different systems and the ability to make modifications to critical data.
Take the time to log in each time you require access!
10/5/2008:
Delete social security numbers from your computer.
In most cases, it isn't necessary to store Social Security numbers on your computer. Either delete the files, or delete the numbers from your files.
Need help locating the sensitive data? Look at http://tss.uconn.edu/spider.html for help.
10/6/2008:
Write down your computer's MAC Address.
Your computer's MAC address may help in certain situations if your computer is lost or stolen. Write it down, along with the serial number, make, model, and manufacturer of your computer. The more information the better. Keep the information in a safe place.
Need help finding your MAC address? See http://itsnews.uconn.edu/index.php?newsid=144 for details.
10/7/2008:
No one from the Help Desk needs your password!
If you are asked for your password, question why it is needed. UITS support staff will never ask for your password in person, by phone, or by email!
If you are sent an email asking to provide your password, DO NOT REPLY. Forward the email to security@uconn.edu and delete the message!
10/8/2008:
Do not download files from unknown sources.
Not all files on the Internet are safe. Not all web sites are safe for that matter. Opening files, installing software, or even surfing unsafe web pages are easy ways for attackers to put viruses and spyware on your computer.
When using your web browser think twice before downloading or opening a file. Only download files you know are safe. Install only the software you know is safe.
10/9/2008:
Do not open all email attachments.
Do you recognize the person sending you the file? Were you expecting to receive an attachment? If the answer to either of these questions is no, then perhaps you are better off deleting the email.
If you open it, your computer could be infected with a virus or spyware. Even if the file is a Word document, Excel file, or other file that appears safe, think twice before opening attachments!
10/10/2008:
Protect your home wireless network.
The University offers a secure wireless network for your use; however, if you are using wireless at home, be sure that it is protected. If not, you may be allowing others to eavesdrop on your conversations, use your Internet connection, or connect to your home computer.
Your wireless router is not configured securely when you buy it. Make sure you are using the highest level of security possible. For wireless routers and network cards that support it, WPA is more secure than WEP.
Because all router configurations are different, you should check the documentation that came with your router for instructions on configuring security.
10/11/2008:
Use a firewall.
Most computer operating systems come with a firewall which can be used to protect your computer from unauthorized network access. It is a good idea to turn on your firewall and configure it to be as secure as possible.
When necessary, allow applications to bypass the firewall by granting access when requested. However, be sure of what you are granting access to. If it is an application that you do not remember starting, perhaps there is software trying to access the Internet from your computer. This could be spyware attempting to steal your information and send it to a remote attacker.
10/12/2008:
Shred your documents.
Don't throw anything in the trash that has personal or sensitive information on it. Be sure that the information is shredded before putting it in the trash or recycler.
10/13/2008:
Pay attention to that login page!
Most of us trust that web sites asking for a username and password are secure. However, some web sites are set up to ask you for this information in an insecure way and redirect you to a secure web page upon login.
How do you know if a web page is secure? Look at the address bar. If there is an https, it is secure. If it is http, it is not secure.
Hint: if a login page is asking for your credentials on an insecure web page, provide a fake username and password. This is usually enough to redirect your browser to a secure site where you can enter your true credentials.
10/14/2008:
Don't click OK!
When browsing the web or running programs on your computer, many of us are tempted to click OK or Continue when presented with a warning message. However, it can be critical to take the time to read the warning message.
In some cases, you may find that the message is pointing out a security (or SSL) certificate issue. What does this mean? It could mean that someone is trying to listen in to your web conversation. While this isn't always the case, paying attention to that warning message can be more important than you think!
10/15/2008:
Does that offer sound too good to be true? It just may be!
Have you ever won the lottery without actually playing the lottery? Have you wondered why someone in Nigeria would actually have chosen you as the beneficiary of a large sum of money? Generally, if the deal sounds too good to be true, it probably is!
As a general rule of thumb, don't respond to any deal, offer, or raffle that is unsolicited. You most likely wouldn't trust this type of solicitation in person or phone. Don't trust it via computer either!
10/16/2008:
Install antivirus and update it regularly.
Did you know that the University pays for antivirus software for all faculty, staff, and student computers whether University-owned or personal computers? This is true for Windows and Macintosh computers.
You can find the software at http://antivirus.uconn.edu. While there, make sure you are running the latest version and be sure that your antivirus is updating every day!
10/17/2008:
Look at your bank statements regularly!
Review your credit card and bank statements for unusual activity and report the discrepancies right away. Also, be aware of statements, checks, or other financial information you are expecting via mail but does not arrive.
If you experience any of these unusual activities report it to a bank representative immediately.
10/18/2008:
Social Security number? No way!
If someone asks you for your social security number or other personal information you have the right to question how it will be used. You may also have the right to refuse to provide it. While in some cases providing the information is necessary, you should always inquire about how it will be used, where it will be stored, how it will be protected, and if there are any alternatives to providing it.
Never provide your Social Security number unless it is absolutely necessary and you are comfortable with how it will be handled. Also, ask if there is another identifier, or piece of information that you could provide instead that would fulfill the requirement.
10/19/2008:
Don't get hooked by a Phishing expedition
Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message.
Remember, UITS will never ask you for this information. Never send personal or financial information by email and be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.
10/20/2008:
Are you a victim of identity theft? Are you sure?
Do you monitor your credit report regularly? Request a credit report at least once every year to be sure that there are no unusual accounts which you do not recognize and no negative findings on the report that you are not aware of.
Did you know that Connecticut residents may request a free credit once every year? It's easy; just visit http://www.annualcreditreport.com.
Tip: Your credit report is most important; it is not necessary to pay for your credit score.
10/21/2008:
Beware of the toolbar!
Have you recently installed software from the Internet that installed a toolbar into your web browser for searching or keeping track of news? If so, you may notice that your computer is running slowly.
Not all software is created to help you be more productive. Some software which looks harmless, or even helpful, may be installed on your computer for the purpose of spying on you, stealing your information, or using your computer for other malicious activity.
Tip #1: Don't install software from the Internet unless you are sure that it is 'spyware' free. Things that appear to be too good to be true often are and that software may be loaded with spyware to be used against you.
Tip #2: Use antispyware software. For Macintosh computers, spyware isn't a big problem, and there are not as many acceptable spyware software packages to use. For Windows computers, download the latest Symantec AntiVirus (http://antivirus.uconn.edu), which has spyware protection built in; Or, if you prefer to use a separate antispyware program, try Microsoft Windows Defender, a free program which works very well against spyware. You can find Windows Defender here: http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
10/22/2008:
Use Social Networking Responsibly
Social networking sites like Facebook or Myspace are extremely convenient for keeping up with friends and family from around the world. However, posting certain information on these sites can lead to identity theft and other crime.
Tip #1: Be sure you know who you are sharing information with. Most social networking sites have privacy settings that allow you to choose who is able to see your information.
Tip #2: Don't accept a friend request unless you know the other person. While these web sites were created to network with other individuals, there are some users of these sites who are malicious and try to use the site for personal gain. Be sure you know who you are friending!
Tip #3: Don't share too much information. Sharing your birth date gives identity thieves a huge advantage. Sharing that you are going on vacation for the next week let's people know that your house will be unoccupied. Be careful with what information is shared and don't share too much! 10/23/2008:
Check that password!
Are you using the same password for the computer systems you log into? Does that password ever change?
While it makes sense to use a secure password for all systems you access, if you use a single password for all systems and that password is compromised, think of the information someone may have access to.
Consider having different passwords for your GMail account, online bank account, University accounts, etc. It may be more to remember, but if someone accidentally stumbles across your Internet email account password, at least your bank account will still be safe!
10/24/2008:
Think that software is secure? Guess again!
If you are using Macintosh OS X, a Linux operating system, or Mozilla Firefox, are you safe from attackers? Not necessarily.
Generally, certain software is considered 'safer' because attackers don't give it the same attention that Microsoft products are given.
Because thieves use computers, software vulnerabilities, and identity theft to make money, the most effective way to make the most money is by attacking large targets. Traditionally, this has been Microsoft products, such as Windows, Office, and Internet Explorer.
However, don't be fooled by this argument. Thieves will attack any computer system or software which can be targeted; and all software is a target. Coding perfectly secure applications is near impossible so that every software application has vulnerabilities from time to time.
Tip: Update your software! Most applications come with automatic downloads of patches and updates. Make sure that you are updating every piece of software you use on a regular basis. New vulnerabilities are found every day. If one doesn't exist today, there may be one tomorrow. Be vigilant and keep that software updated!
10/25/2008:
Have a nice day. Without the smiley!
You may know that some web sites allow you to use their email stationary to make your emails look more colorful, animated, and appealing. However, this could come at a cost.
Many of these 'services' provide you with the ability to use their stationary at the cost of your email address. What does that mean? By installing the software you may be authorizing the company to use your email address in any way they see fit. This includes selling your email address to third parties, who may use it to sell you products (SPAM email), or steal your information (Phishing email).
Don't provide your email address unless you are sure how it will be used. Read the terms and conditions of installing the software. You may not like what they have to say.
10/26/2008:
Whoa, That's Awkward!
Think before clicking on a URL link in an email or IM. Do you know the person who sent it? Is the URL really taking you where you believe you are going? It is easy for someone to disguise a link so that it looks like it is going to a legitimate site but takes you somewhere else. Be sure before clicking!
You can learn more about the dangers of indiscriminate clicking by viewing the 2nd place video, titled "Whoa, That's Awkward," in the 2007 Educause Computer Security Awareness Video Contest. The video is available at:
http://www.researchchannel.org/securityvideo2007/displayevent.aspx?rid=10996
10/27/2008:
Be careful with email asking for your username and password
Afraid you are going to lose access to your account if you don't take action immediately? It's possible that the email message explaining this is a hoax designed to steal your personal information.
Beware of the following phrases in email messages:
1. "Click the link below to gain access to your account"
Although the link and web site look authentic, it may be a phony designed to look like the original.
2. "If you don't respond within 48 hours, your account will be closed"
Although there is a sense of urgency stop and think before acting.
3. "Dear Valued Customer"
An e-mail designed to appeal to apply to anyone who reads it, not personalized with your information.
Most reputable organizations will never notify you in these ways, even if 'your account has been compromised'. Don't click the link; don't provide your username and password; don't reply to the email message.
Tip: If you receive an email with this type of information and aren't sure about its legitimacy, either contact the organization via phone, or open a web browser, type in the organization's web address, and log in as you normally would.
10/28/2008:
Sharing files? Which ones?
File sharing has become easier than ever, with an increasing amount of software programs available to set up a 'peer-to-peer' connection in order to exchange data. However, many of these software programs are configured with default settings upon installation. Are you sure you aren't sharing out your entire documents folder rather than the one research paper you are collaborating with others on?
Many attackers today use peer-to-peer file sharing networks to search for personal information, such as social security numbers, drivers license numbers, dates of birth, etc. These pieces of data are often stored in files, and may be inadvertently shared to all users on peer-to-peer file sharing networks.
Tip: If you are using file sharing programs (LimeWire, Gnutella, Shareaza, etc.) to exchange data, be sure of what data you are sharing: First create a folder on your computer, then move all the files you want to share into that folder. Next, use the your file sharing program's settings to limit the shared files to only the folder which you created. When you want to share more files, just drop them into the folder.
10/29/2008:
What should you do if your identity is stolen?
File a police report; immediately. Also, if your identity is stolen, check your credit reports, notify all creditors, and dispute any unauthorized transactions.
In addition to this, you should immediately place a fraud alert on your credit reports. You can do this by contacting the toll-free fraud number of any of the three consumer reporting companies (TransUnion, Experian, and Equifax).
For more information, and additional steps you can take in the event that your identity is stolen, see:
http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html
10/30/2008:
Back up important files!
No system is completely secure. If you have important files stored on your computer, copy them onto a removable disc, and store them in a secure place in a different building than your computer. Also, make sure you keep your original software start-up disks handy and accessible for use in the event of a system crash.
10/31/2008:
Treat your laptop like cash.
If you had a wad of money sitting out in a public place, would you turn your back on it-even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep a careful eye on your laptop just as you would a pile of cash.
Source: http://staysafeonline.org/basics/laptoptips.html