October 2005 is National Cyber Security Awareness Month www.it.utah.edu/leadership/security/University of Utah Office of Information Technology and Information Security Office Basic Computer Security Awareness Secure Passwords They are often viewed as a hassle, but easy-to-guess passwords are hackers’ first choice to gain access to information and your first line of defense. To create a secure password: • It should be 8 characters long • Use a combination of letters (MixeD CaSe), numbers, and symbols. • Don’t use birthdates, phone numbers, any family or pet names, or any part of your username. • Good examples: -Iam#7of9 (I'm the 7th of 9 children) -iC@nTgn0$ (I can’t get no satisfaction) • Never share your password with anyone! Locking Down Your Workstation • You should log out of your workstation's operating system when you leave, even for a few moments. Having a secure and hard to guess password is useless if a hacker can access your account because it is unattended. • Use a password-protected screen saver. You can choose the period of time lapse before your screen saver starts. Five minutes is a good choice. • Both of these settings require your department network password to log back in. See the Campus Help Desk Lock Down webpage for instructions on how to configure these settings: http://www.it.utah.edu/services/helpDesk/computerhelp/locking_faq.html Back Up Your Data If you have important files stored on your computer, copy them onto a removable disc and store them in a safe place, or to a network drive that your department’s computer administrator backs up. If your computer crashes, gets a virus or another incident occurs, you will not have to re-enter everything. Automatic Updates Hackers rely on the fact that many computer users fail to install software patches on their machines and create worms and viruses to exploit unpatched systems. Most software vendors, including Microsoft and Apple, offer updates to correct program flaws that malicious programs use to attack your computer. Running McAfee Anti-Virus is not enough. You can configure your computer to automatically seek out updates. See the Campus Help Desk web page at www.it.utah.edu/services/helpDesk/computerhelp/index.html#updates for details. Phishing Scams Beware of fraudulent emails and Web sites that masquerade as messages from familiar institutions. By tricking you into disclosing your Social Security Number, PIN number, a password, or an account number, identity thieves can drain your bank account or run up bills on your credit card. The best ways to avoid becoming a victim are: • Never disclose personal information in response to an unsolicited email • Never click on the link in the email • Always access the Web site by manually typing in the Web address in a browser October 2005 is National Cyber Security Awareness Month www.it.utah.edu/leadership/security/Antivirus and other security software Computer viruses can do a great deal of damage, to your machine and other networked machines. Run good virus scanning software upon starting up your machine. Keep it updated. Use it to scan all floppy disks and e-mail attachments before you open or run them. Periodically scan your hard drive(s). The Office of Information Technology has arranged for McAfee anti-virus software for home computer use to be offered to students at no charge and to staff & faculty at very low cost. It is available now through the Office of Software Licensing website at www.software.utah.edu. You can download the software, or order it on a cd and pick it up at the OSL office in Research Park. Just search for either McAfee or VirusScan. You can also find links to other free anti-spyware and firewall software downloads for home computer use on the Security Essentials area of the OSL website. You Think You’ve Been Hacked • Students connected to the campus network: Disconnect your computer from the network, but do not unplug your machine. Contact the Campus Help Desk at 1-4000, option 1, as soon as possible. • Staff/Faculty: Disconnect your computer from the network, but do not unplug your machine. Contact your department computer administrator as soon as possible. Peer-to-Peer File Sharing of Copyrighted Media It is a violation of federal law and University's Peer-to-Peer policy to share and/or distribute copyrighted materials without the permission of the copyright holder. This is typically done through file-sharing software like as BitTorrent, KaZaA, Emule, and Gnutella. File sharing software is most commonly used to download music, movies, software and other media. This software may turn your personal computer into a server, or upload site, even if that was not your intent. Violators may be subject to fines and civil and criminal prosecution under the provisions of the Digital Millennium Copyright Act (DMCA). The University's Information Security Office must, by law, terminate your campus computer connection if you are found violating copyright laws, and you may be expelled or fired if there is cause. Your connection may also be suspended if you are uploading very large non-copyrighted files. Note: many worms, viruses and other malicious code get transferred during peer-to-peer file transfers. U of U Staff & Faculty: IT Resources Security Policy The University Information Technology Resource Security Policy (PPM 1-18) states that "Users of IT Resources must not knowingly retain on personal computers, servers, or other computing devices, Private Sensitive Information, such as Social Security Numbers, financial information including credit card numbers and bank information, or protected health information, including health records and medical information" unless specifically approved by the Dean, Department Chair, or Vice President, and only when absolutely necessary to perform one's official duties. Each campus member is responsible for: • knowing what, if any, private, sensitive data is on their machines, • getting approval to retain or access it, and • putting in place measures to protect it. Note: Even though you don't need to comply with U’s PPM 1-18 policy at home when you’re not connected to the U network, all computers users should still know what private, sensitive data is on their machine, personal or otherwise, and take steps to protect or remove it.