Information Security Tips Archive
Cleaning Files? Protect Information! (September, 2009)
It's the start of a new semester and, many times, the start of new file folders in file cabinets or on office computers. And for some of us, cleaning up the old files. Remember, just because the information is old does NOT mean it is okay to toss the files in the trash can. If you are cleaning out old paper files you MUST check documents for protected information. There are many regulations and industry standards which have to be followed regarding storage, timeliness of keeping information and proper disposal of information. It is difficult to stay on top of all of the requirements, but a good rule is if the documents are no longer needed or required to be stored and the documents include sensitive information, the documents should be shredded. Do you have old floppy disks or CDs storing sensitive information and which are no longer needed or required? Shred this media as well. When you delete files from your Windows XP or Mac OS computer, the files remain in your Recycle Bin or Trash. You still have to empty the Recycle Bin and Trash; make sure you do so.
In regards to proper disposal and reuse of computers, TCS takes precautions when computers are destined for the compound to securely and properly dispose of hard drives to help protect information. When computers are to be passed from one faculty or staff member to another, contact the TCS HelpDesk so the computer can be set up for the new user (and old data removed from the computer to protect the previous user). These simple steps help keep ESU's student, employee and business information safe.
Peer to Peer File Sharing (August 2009)
Emporia State University's security policies are in place to help not only protect ESU's information, but to set standards on acceptable computing using ESU's Internet access. ESU's Digital Millennium Copyright Act (DMCA) policy states "...users of Internet services and equipment provided by ESU are responsible for their compliance with all copyright laws pertaining to information they place on or retrieve from the Internet." ESU's DMCA policy references unauthorized distribution of copyrighted material, including music, movies, games and software distributed from a computer using peer-to-peer applications. Distributing copyrighted works without explicit permission from the copyright owner is considered theft and is a violation of ESU policy and Federal copyright law.
Many do not know they are distributing copyrighted works; most people think they are just downloading their favorite song, game or movie. Be careful using peer-to-peer file sharing applications.
Updated lately? (July, 2009)
Is your system software set up to get automatic software updates? If so, do you install the updates and reboot as necessary? Software updates are generally released to fix security holes known as exploits. Other times, they enable new features in software. For all ESU-owned Windows-based computers, Windows Updates are "pushed" to the computers. The user simply needs to click on the GOLD SHIELD in the lower right hand corner of their desktop (in the system tray area of the desktop) and select INSTALL UPDATES. After updates are installed, you might need to reboot the Windows computer. DO SO IMMEDIATELY. Until the reboot is done, the updates are not applied.
For Macintosh based systems, system software updates can be checked through the Apple Menu and selecting Software Update menu item. In addition, many other software applications automatically check for updates periodically (e.g., Java, Adobe). Watch for messages to update the software and follow the instructions given for downloading and installing the updates.
Protect your information by updating system software to keep malware from installing!
To E-mail or Not To E-mail (June, 2009)
E-mail is becoming the standard of sending files to someone who needs access to the information you have. However, take care before sending that file by asking yourself a few questions.
- First, what type of information is in the file? Is the receiver authorized to see the information? If not, you should rethink sending the e-mail attachment to them.
- Second, is the information in the file protected information? If it is, is the e-mail being sent and read securely? When e-mail leaves the ESU system, it may no longer be secure. Secure transmission can be acquired by using digital e-mail certificates; much like certified postal mail, these certificates verify the delivery is secure. However, it is more difficult to verify the receiver is actually the person who opened the e-mail. There are other systems which allow you to log in to a secure server and drop off and pick up messages and files. This does not allow for secure transmission, but verifies the authentication of the person picking up the message.
- Finally, does the file need to be sent via e-mail? If it is being shared within ESU, is there a place on a network share where the file can be stored and retrieved securely?
There are many more challenges to securing digital information than hard copy information alone. Think before you hit the SEND button to protect your information!
Is Your Data Safe? (May, 2009)
Keeping your information safe starts with keeping your computer system free from spyware and safe from thieves, while deleting information no longer needed on your system. Besides using anti-virus software, keeping your software up to date and using strong passwords, users should dispose of data in a timely manner. It's easy to store information on your computer and forget you have it. Periodically, go through your documents and delete what no longer is needed. And don't forget that when you delete items, you need to empty your recycle bin or trash bin. Frequently scan your computer for spyware. Consider using a firewall to protect your system (Windows XP and Vista systems have software firewalls which can be enabled). In addition, be careful installing extra software. For instance, when installing a Java update, many times there are options listed to download and install additional software or utilities. Do not always assume it is OK to install that extra software. There could be hidden risks, even if the software is legitimate. Bottom line: if you don't need it, don't install it.
Peer to Peer File Sharing (April, 2009)
Emporia State University's security policies are in place to help protect not only ESU's information, but to set standards on acceptable computing using ESU's Internet access. ESU's Digital Millennium Copyright Act (DMCA) policy states "...users of Internet services and equipment provided by ESU are responsible for their compliance with all copyright laws pertaining to information they place on or retrieve from the Internet." ESU's DMCA policy references unauthorized distribution of copyrighted material, including music, movies, games and software distributed from a computer using peer-to-peer applications. Distributing copyrighted works without explicit permission from the copyright owner is considered theft and is a violation of ESU policy and Federal copyright law.
Don't be a Victim! (March, 2009)
We have all seen at least one e-mail using phishing to try to gain access to personal information. As we become more and more vigilant verifying e-mail, the bogus e-mailers get more and more sophisticated; the messages look more and more like authentic e-mail. Here are some tricks to use when trying to determine if e-mail is authentic:
First, always check the sender's e-mail address. Does it match the type of information being displayed in the e-mail?
Second, there is NO REASON for a bank or other type of financial institution to verify your information via e-mail. In addition, TCS will NEVER ask you to verify your account or do anything to your account by asking you for your PASSWORD. NEVER RESPOND TO ANY E-MAIL ASKING FOR YOUR PASSWORD. If you are wondering if the e-mail is authentic, CALL THE ENTITY claiming to send the e-mail.
TCS has become more vigilant about notifying users of issues through either the HelpDesk e-mail account (helpdesk@emporia.edu) or individually by a member of the TCS department.
Lastly, always be suspicious of clicking on a link supplied in an e-mail asking you to verify your account information. There are numerous e-mail hoaxes coming into mailboxes daily. Don't be a victim. Always check it out.
Watch out for SPAM (February 2009)
ESU employs an e-mail device to help stop SPAM or e-mails with viruses. However, at the rate that new types of SPAM and viruses are being created, the device is unable to catch all unwanted or malicious e-mail.
You must be diligent as well. First, you should NEVER respond to an e-mail asking for your logon information or any personal information. The TCS HelpDesk will not ask you to verify your password through e-mail. Banks are unable to ask you to verify information via e-mail. If you are unsure if the e-mail you received is legitimate, contact the sender via phone. Be careful clicking on links included in an e-mail. Sometimes the link in the e-mail looks legitimate, but it may actually connect to a malicious web site designed to download and install unwanted controls or software. If you are not expecting an attachment from someone, do not open it until you can verify from the sender that it's a legitimate, safe attachment. Compare e-mail to a strange box arriving on your doorstep. Would you open the box without another thought, or would you take a moment to make sure the box is safe? E-mail attachments and URL links need to be considered the same way.
Cleaning out Old Files (January 2009)
The start of a new year is a good time to think about all those files you store on your computer. Are you keeping old files you no longer need to keep on your computer? It's easy to forget what files you keep on your home computer. Did you once keep track of all your passwords for all the different web sites in a Word file? You should consider not storing that information on your computer. What if a new virus or exploit has unknowingly opened up your computer to those electronic thieves? Do you have old tax returns stored on your computer? Do you need to keep them? If so, can you back them up to CD and remove them from your hard drive? For those of you with office computers and network storage (also known as i: drive), do you need to keep all those files stored on disk, or can you burn them to DVD or CD for archiving purposes? Take the time to clear out the clutter from your computer storage.
Online Shopping Tip (December 2008)
Online shopping is an easy way to do your holiday shopping, but beware! When shopping online, make sure the web site you are connected to is a secure site; look for the padlock in the browser status bar at the bottom. Make sure you are shopping from a well known "store." Be careful giving out your personal information and credit card number. Take the time and read the fine print.
This time of year also brings out the scams. A popular one is an e-mail disguised as coming from FedEx or UPS, asking you to click on a link because they need to verify information regarding a package being delivered to you. Instead of clicking, go directly to the shipping vendor's web site. Both FedEx and UPS have ways for you to track a package if you sent it. The sender will be responsible for the information for the delivery of the package.
Another e-mail scam is picking up digital cards or e-greetings. Always be careful clicking on links in an e-mail, because it could be a malicious site trying to install malicious software on your computer without your knowledge.
Remember: Keep your information safe. Do not respond to e-mail asking for your information or password!
Antivirus Software (November 2008)
Do you update your antivirus software? You should. TCS installs the antivirus software Sophos on all ESU-owned computers. TCS maintains the updates for Sophos, and each ESU computer pulls those updates when it is connected to the Internet. However, if you use your own computer/laptop to access the ESU wireless network, you are responsible for purchasing/installing and keeping your antivirus software up to date. TCS does what it can to stop viruses from reaching your e-mail account and the ESU-owned computer you use, but to protect your information and your personal computers, you need to take an active role.
Remember: Keep your information safe. Do not respond to e-mail asking for your information or password!
National CyberSecurity Awareness Month! (October 2008)
October is National CyberSecurity Awareness Month and ESU is having Security Awareness Days each Wednesday in October. From 11 am until 1 pm at the TCS Kiosk in the Memorial Union, there will be information, games, prizes and treats available for the ESU community. Stop by and pick up some tips and tricks regarding fighting phishing, viruses and spyware. Stop by and pick up a treat of candy or popcorn. Stop by and enter to win a drawing for a weekly prize. Watch Buzz In for announcements and tips each week on how to protect your information and your computer.
What is the deal with the gold shield in the bottom right hand corner of my Windows screen? The first Tuesday of each month (and whenever there is a major exploit discovered), Microsoft releases patches to the Windows software. These patches are pieces of program code which will help the computer's Windows system be more secure. For all ESU owned computers, patches will be downloaded automatically — but you must apply those patches. When Windows is downloading or ready to install the patches, the gold shield will be displayed in the lower right hand corner of your screen. Click on the shield and select INSTALL. For some patches, you will need to reboot your Windows computer — go ahead and do it. These patches are necessary to install, but won't be applied until you reboot the computer.
Do you have an Apple iBook or Mac desktop computer or a personal Windows computer? Download updated software manually. For Windows, click start, All Programs, Windows Update and follow the prompts. For Mac and iBook computers, click on the Apple, select Software Update and follow the prompts.
Remember: Keep your information safe. Do not respond to emails asking for your information or password!
Good Email Practices (September 2008)
Over the last few years, there have been many attempts to obtain people's identity through email hoaxes using a technique named “phishing.” It was easier to suspect those emails because there would be misspelled words, phrases which did not make sense or the email did not look legitimate. However, those email phishing attempts continue to look more and more legitimate and have lured unsuspecting people to give usernames, passwords, and personal information such as social security numbers, to match those with public information like a birth date and address. Always be suspicious of any email which has a message asking for any of this type of information.
The ESU HelpDesk has been instructed to not ask for passwords and social security numbers. ESU does not ask you to verify information to keep your account active. Banks do not ask you to verify your information via email. Think about who might be at the other end of the email, regardless of their email address. Think about why they would need the information. Question them. If you know (or think you know) who is asking, call them and ask them why they need this information.
By the way, think before clicking on a URL or opening an attachment. Were you expecting the attachment? Where does the link in the email really go? Is it a safe site or a site filled with malicious code to install unwanted spyware or Trojan software? Keep your information safe.
Start good email practices today: Do not respond to the "Update Your emporia.edu Email Account To Avoid Closure" e-mail. Delete it!
Sharing Your Password (August 2008)
When you share your password with someone else for whatever reason, you have just given the person the capability to look at your personal information, to use your account to send unauthorized email from your account, to change YOUR information or submit a discussion item in your Blackboard course.
Do not share your password. If you have shared your password, change it immediately in Buzz In (after logging into Buzz In, scroll to the bottom and select PASSWORD MANAGEMENT).
Remember: protect your information through protecting your authentication.
E-MAIL Hoax Alert (July 2008)
A new e-mail has made its way onto campus, and you need to be aware that it is NOT a valid e-mail. It shows the sender to be EMPORIA HELP DESK. The subject is "Dear emporia.edu User (Verify Your Account)" and the body of the message asks for your USERNAME and PASSWORD, while asking you to verify your email address at https://buzzin.emporia.edu. This email is a PHISHING email. DO NOT REPLY. The email address is actually an account at GMAIL, NOT the TCS HelpDesk. Someone is trying to gain access to your account. Please delete the email.
If you already replied to the email, thinking it was valid, change your password IMMEDIATELY and contact Cheryl O'Dell.
For future reference, the TCS HelpDesk will NOT ask you to verify your username AND password via email. Also, the HelpDesk email account will show FROM as helpdesk@emporia.edu.
Be on the alert always when an e-mail arrives asking you to verify your account. Contact the HelpDesk (extension 5555, locally at 341.5555, or toll free at 877.341.5555), or contact me directly to ask if an email is valid.
