by Jodi Ito
“Cyber” threats are everywhere on the Internet -- from viruses, worms, spyware and other “malware” just waiting to invade your unprotected computer to very official-looking emails tempting you to give up your personal information (called “phishing”). The list of threats is endless, and protecting our computers and personal information requires constant vigilance and a growing awareness of our personal computing practices.
Any desktop computer or server could be used to host viruses, trojan horses, and other malicious programs. We should all be aware of the security issues related to our daily use of computers. Here are some basic steps and precautions that you can take to help secure your computer and to protect you and your personal information.
- Regularly download and install operating system and application security patches from your software vendors. (Microsoft users can go to: http://windowsupdate.microsoft.com and click on “Scan for updates”. Apple OS X users can click on “Software Update” in “System Preferences” under the “Apple” icon on the menu bar.)
- Use anti-virus software to scan all files and email attachments before opening them. UPDATE VIRUS DEFINITION FILES REGULARLY! UH faculty, staff and students are eligible to participate in the University's McAfee anti-virus site license. For more information, go to: http://www.hawaii.edu/antivirus.
- Make regular backups of critical data (and test your backups to ensure they are readable).
- Use strong passwords. (See sidebar) Do not leave passwords blank and change the manufacturer's default passwords. Change passwords frequently. And protect your passwords – do not share them with anyone. For more information visit: http://www.onlinesecurity.com/links/links47.php
- Shut down computers (or disconnect them from the network) when finished for the day (at work) or the evening (at home) or if leaving them unattended for long periods of time.
- Do not open email attachments from strangers AND be suspicious of any unexpected or unusual email from people you do know. Disable "previews" and automatic viewing/downloading of attachments and files.
- Test your systems for vulnerabilities. Use Web-based vulnerability assessment tools such as: www.symantec.com/securitycheck or www.grc.com (click on "ShieldsUp")
- Do not run unnecessary servers on your computer, such as Web servers, Telnet, FTP, IRC, etc.
- Download software from reputable sources such as: http://www.tucows.com and http://www.pcworld.com/downloads.
- Scan your computer regularly for “spyware” and use spyware removal tools. Additional information on spyware and removal tools can be found at:
- Visit only legitimate Web sites. Malicious Web sites can download and install malware on your computer, turning it into a “spam generator” or a “zombie” which can be used to attack other machines.
- Do not reply to unsolicited (spam) email.
- Do not give out personal information (address, SSN, passwords, etc.) in response to unsolicited requests.
- Encrypt your files that contain personal information (TurboTax files, PDA information, password lists, etc.). Viruses have been known to send out random files from your computer to any email addresses that they find on your system. Free encryption software can be found at: www.pgp.com/products/freeware.html.
- Be suspicious of email that appears to be from a legitimate organization (such as Citibank, eBay, PayPal, FirstUSA, etc.) asking you to click on a link to update your personal information such as name, address, SSN, bank accounts, and credit card numbers. These are fraudulent schemes known as “phishing”. Personal information gathered is used (or sold) to commit fraudulent financial activities. NEVER update your personal information by clicking on the link in the email. If it seems legitimate, call the organization to verify the request and always type in the URL yourself. For more information on phishing and a list of current scams, visit: http://www.antiphishing.org.
- Do not use public computers or wireless networks for personal/confidential transactions. Public computers may have keystroke loggers installed on them and information transmitted over wireless networks may be more vulnerable to being illegitimately captured and viewed.
- Use only one credit card (with a low limit) for ALL online purchases.
- For all EFT (Electronic Funds Transfers) transactions, use only one checking account.
- Don't use your Social Security Number if at all possible.
- Do an annual credit check.
- Watch for unauthorized charges.
- Report fraudulent activities at: www.ifccfbi.org
Create a Strong Password
- Do not use words found in dictionaries, birthdates, names, or variations of your UH Username
- Use a minimum of eight characters
- Use upper and lower case letters
- Include numbers and symbols
A good way to build a password is to use the first letter of each word in a phrase that you would easily remember, using numbers and symbols if possible. For example, "One is the loneliest number by Harry Nilsson" can be used to build the password: 1itl#bHN
Safe Computing Definitions
Definitions from Webopedia.com
Malware: Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
Phishing: The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Spyware: Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.
Trojan Horse: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
Worm: A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
Information compiled from:
UH IT Policies
Additional Resources on:
General Consumer Information