Computer Security Training

Summary

OIT Security Best Practices

Body

TERMS

The following is a list of terms and their general definitions.

 

Firewall: A technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

 

Intrusion Prevention Systems (IPS): A network security appliance that monitors network activity for malicious activity.

 

Virtual Private Network (VPN):  Allows remote users to access internal information securely.

 

Anti-Spam Device: A network device that inspects incoming email for spam.

 

Phishing:

  • Phishing is a social engineering technique used to deceive users; it exploits the poor usability of current web security technologies.
  • It is used to acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
  • Common examples: Communications purporting to be legitimate social web sites, auction sites, financial institutions, or IT administrators.
  • It is typically carried out by email spoofing or instant messaging.

 

Spear Phishing: A targeted Phishing attack.

 

Phone Phishing: A Phishing attack over the phone.

 

 

SECURITY 101

The following are a few useful pieces of information to better understand email and computer security.

 

  • Lock your computer when you are away from it by pressing the Windows key and the ‘L’ key.

 

  • Back up all important data to the H Drive (Home Drive).  OIT backs up all H Drives.

 

  • Do not store sensitive information on your C Drive, thumb drives or other portable devices.

 

  • Do not give your password to others.  This includes long-distance call-out codes.

 

  • Do not write your password down and leave it near your computer.

 

  • If your computer is stolen – report it immediately to Campus Police and your supervisor.

 

  • If you are unsure about an attachment do not open it and report it to the Help Desk.

 

  • Remember, email is like a postcard.  Do not put information in an email that you would not write on a postcard.

 

 

AVOIDING PHISHING

 

Never give out personal or financial information.  (This includes following/clicking links sent in the email).

 

Do your best to verify website security:

  • Inspect the URL of a web site.
  • Bookmark all sites you do business with and use them instead of links sent in an email or instant message that say they go to the site.
  • Be cautious as bogus sites may appear almost identical to the original.
  • Be aware of domain usage (.com versus .net, etc.)
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company/person directly.  Do not use any contact information from the email.
  • Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group (www.antiphishing.org).
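
The URL checks in the list above can also be done programmatically. The following is an added example, not part of the original OIT article: it compares a link against a list of bookmarked domains and flags a changed top-level domain (.com versus .net), a near-identical name, or a bookmarked name placed in front of a different domain. The bookmark list, the sample links, the 0.8 similarity threshold and the function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed bookmark list: the sites the user actually does business with.
BOOKMARKS = ("slcc.edu", "example.com")

def registered_domain(host):
    # Assumption: the last two labels form the registered domain
    # (this does not handle suffixes such as .co.uk).
    return ".".join(host.split(".")[-2:])

def check_link(url, bookmarks=BOOKMARKS):
    """Classify a link from a message against the bookmarked domains."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    reg = registered_domain(host)
    if reg in bookmarks:
        return "trusted"
    name, _, tld = reg.rpartition(".")
    # Same name under a different top-level domain (.com versus .net).
    for good in bookmarks:
        gname, _, gtld = good.rpartition(".")
        if name and name == gname and tld != gtld:
            return "tld-swap"
    # Name that is almost identical to a bookmarked one.
    for good in bookmarks:
        gname = good.rpartition(".")[0]
        if SequenceMatcher(None, name, gname).ratio() >= 0.8:
            return "lookalike"
    # Bookmarked name used as a prefix of a different registered domain.
    for good in bookmarks:
        if "." + good + "." in "." + host + ".":
            return "embedded"
    return "unknown"

# Constructed sample links, as they might appear in an email.
SAMPLES = [
    "https://www.slcc.edu/",
    "http://example.net/login",
    "https://examp1e.com/account",
    "http://example.com.verify.invalid/reset",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):10} {link}")
```

Any result other than "trusted" means the link should not be followed; use the bookmark instead.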

 

 

PHISHING EMAILS

 

Here are some examples of Phishing emails and how to identify them as such.

 

WHAT IF YOU WERE PHISHED?

 

Report it to the Help Desk immediately (801-957-5555 or ext 5555).

 

If your financial accounts may be compromised, contact your financial institution immediately and watch for any unauthorized charges to your account(s).

 

Consider reporting the attack to the police, the Federal Trade Commission, or the FBI’s Internet Crime Complaint Center.

 

 

RECOGNIZING SCAMS

 

If it sounds too good to be true, it probably is!

 

If the message does not appear to be authentic, it’s probably not.  Report it.

 

Check to see if the content of the message appears in search engine results (known scam, etc.)

 

Watch for typographical errors, bad formatting, poor grammar, etc.

 

The message asks you to send your information to the sender, rather than the other way around.

 

You do not have an account with the company that is supposedly sending the email.

 

The message suggests tragic consequences or offers protection.

 

Promises money or gift certificates.

 

Multiple spelling or grammatical errors, or the logic is contradictory.

 

A statement urging you to forward the message.

 

 

SAMPLE SCAM

 

CHECK FOR SCAMS ONLINE

 

OnGuard Online

http://onguardonline.gov/articles/0002-common-online-scams

 

FBI

http://www.fbi.gov/scams-safety/e-scams

 

Microsoft

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

 

Symantec Security Response Hoaxes

http://www.symantec.com/avcenter/hoax.html

 

McAfee Security Virus Hoaxes

http://home.mcafee.com/VirusInfo/VirusHoaxes.aspx

 

 

FOR MORE INFORMATION

 

http://www.onguardonline.gov/

 

http://www.staysafeonline.org/

 

http://www.netsmartz.org/Parents

 

 

QUESTIONS?

 

Call the OIT Security Team –

 

James Wilkinson – Information Security Officer

james.wilkinson@slcc.edu

 

Kha Nguyen – Information Security Officer

kha.nguyen@slcc.edu

 

Steven Oswood – Information Security Analyst

steven.oswood@slcc.edu

Details

Article ID: 2301
Created
Tue 11/25/25 1:58 PM
Modified
Tue 11/25/25 1:58 PM