Security Awareness Training and Education (SATE)
It is important to take the following simple steps to ensure that your computer and your information are protected against hackers, viruses, and other threats. (For more information, click on each step.)
Step 1) Promptly apply security "patches" for your operating system
Your computer should be set up to automatically download free software updates that patch newly identified security holes. Malicious traffic often attempts to exploit security holes that were inadvertently built into the design of in your computer’s operating system (OS). If such a security hole is discovered, the OS manufacturer will quickly develop a "patch" — a supplement to the original software designed to plug the hole.
Step 2) Run the current antivirus software and set it for regular, automatic updates
Antivirus software can quickly detect when viruses, worms, and other types of malicious code are introduced to your computer. Current antivirus software versions provide important new benefits, for example, the current version of Symantec for Windows identifies and removes adware and spyware. Since antivirus software checks against numerous known threats, it’s essential that your software receive regular updates (daily for Windows computers, weekly for Macintoshes) so it immediately recognizes the latest new threats.
Step 3) Assign complex, hard-to-guess passwords to your accounts and protect them
Two of the biggest security problems on campus are the failure to assign passwords to individual computers and the use of weak, guessable passwords that cannot withstand automated password cracking attempts. Complex passwords prevent hackers from stealing confidential information or "stealth installing" malicious code that can render your machine unusable or turn it into a site for attacking other computers on the Internet.
Above all, don't share your password with anyone, and don't write it down - the only secure place for your password is in your head. If you need to write it down, treat it like a hundred dollar bill, keep it in a safe place.
Step 4) Be careful with that email message
Without a doubt, the Number One method by which viruses, trojans, worms and "backdoor" programs are propagated is via e-mail attachments. More often than not, if you receive an attachment that you weren't expecting, or is from someone you don't know (and don't know why they're sending it), chances are that the attachment carries some variety of "malware" just waiting for you to set it loose by opening the attachment. The latest trick is the use of messages with links that take you to a site that uploads malware to your computer without your knowledge.
So, in short: if you get an email attachment, unless you feel very confident about what it is, where it came from, and why it was sent to you - Don't open it!
If your email looks suspicious don’t click any links. Delete it immediately.
Step 5) Be alert for "phishing" scams that can result in identity theft
"Phishing" refers to forged email purportedly from a legitimate business or college office, quite possibly one you've dealt with. The email often refers to a problem with "your account" and contains a link to a website that looks legitimate but is designed to trick you into entering sensitive information, such as your Social Security Number, an account password, a credit card number, or your password. Reputable businesses never solicit you to provide or confirm sensitive personal information in email or over the Web.
Step 6) Activate your system’s firewall (Windows & Macintosh OS X have it)
Don't be put off by the word "firewall." It's not necessary to fully understand how it works; it's enough to know what it does and why you need it. Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit. Your system's firewall provides protection against malicious activity by examining and restricting bad network traffic to your computer.
Step 7) Watch out for "Social Engineers"
"Social engineering" is a term that has come into use to describe the activities of what is, essentially, pretexting (lying to gather information). Their game is to get someone to give them privileged information willingly.
A social engineer is the kind of creature who will walk into a busy office casually, announce he's been sent to fix the president's computer, impatiently demand to be shown where it is, then calmly say, "I need his user name and password - what are they?", secure in the knowledge that someone will at least try to get the information for him. Sometimes they will call on the phone and say, "This is Officer Smith from the Portland Police Department. We are looking for Ann Whosis; what is her home phone number?"
If you have doubts, tell the caller/visitor, you need to contact a supervisor put them on hold. If they are legitimate, they will wait for verification, if you get a call at home, tell the caller you don’t give personal information over the phone-ever.
Step 8) Don't leave a computer you're logged into unattended or unprotected.
This is very important not only when using your personal computer in your office or classroom, but also when you are using public lab computers that are used by many other people, often in rapid succession. If you forget to log off a lab computer after finishing your session, you give the next person at the keyboard an open door into your account which they can use to read your email, personal financial information and other sensitive data. They could even change your password and lock you out of your own account!
Step 9) File sharing: "Instant lawsuit, just click OK"
With music services such as iTunes, there's a high level of confidence that you're dealing with reputable people, and the transaction is done using a secured connection. File sharing programs on the other hand are designed to sneak past all of the measures you’ve read so that it can operate in a stealthy manner on your computer opening holes and sometimes giving access to very personal files without your knowledge. If that weren’t enough, penalties for illegally downloading songs can be up to $25,000 per instance. Do not use file sharing applications such as Limewire and Bit Torrent on systems that connect to PCC.
Step 10) Data on paper is the same as data on the screen
Sometimes it's necessary to print out copies of important or sensitive data. If you have sensitive printouts, don't leave them lying around where unauthorized, prying eyes can see them. The data is just as sensitive and confidential on a printed page as it is on a computer screen, and if you don't want it read on the monitor, you probably don't want it read anywhere else. Keep important printouts in a secure location, and when you don't need them anymore, don't just throw them in the recycle bin - shred them. Personal shredders ("cross-cut" not "strip") are inexpensive and very useful in not only disposing of confidential printouts, but also junk mail, credit card offers and other printed material that may contain information about you that could be useful to identity thieves.
Step 11) Back up important files
If you follow these tips, you're more likely to be more secure online, free of interference from hackers, viruses, and spammers. But no system is completely secure. If you have important files stored on your computer, copy them onto a removable disc, and store them in a safe place.
- Laptop and Mobile Device Security -
- Do you use a laptop? Learn how to keep it, and your information secure.
- Drive-By Download [watchguard]
- Corey Nachreiner shows what happens when a Windows XP computer browses the kind of malicious Web site that takes over your PC the instant you visit. Running time is12 minutes.
- Bud Logs In
- Created by WatchGuard Technologies, Inc. Watch as hapless Bud makes every password mistake in the book! Shudder as he blunders through one near calamity after another. Chuckle at the painful familiarity of his plight. Will Bud ever succeed in his quest to log in?
- Facebook Stalker Pun [youtube]
It would be funny if it weren’t true. This video pokes fun at the "features" Facebook and other sites such as MySpace have that enable others to gather far more information than they should. Consider how information about yourself people really need to know.
- Bud has Mail [watchguard]
See Bud's latest misadventure as he learns what can go wrong when he clicks on a malicious email. Learn from Bud's mistakes how to handle email more safely.