Changes
no edit summary
This guide is designed to raise awareness about general information security in order to help prevent unintentional compromises of sensitive information and computing systems. These resources will illustrate common information security practices that promote users to protect personal as well as institutional information. As community members of Massachusetts College of Liberal Arts you are expected to follow these procedures and be aware of the various malicious threats common place with the information systems that we use on the internet.
<youtube>yeepZr64XjU</youtube>
==Password Security==
<b>MCLA Password/PIN Requirements</b>
Passwords are essential to security at MCLA and act as the first line of defense for protecting campus computer data. No MCLA staff member will ever ask you to provide your password and it should never be shared among users or accessible where others can find it. In addition, it is important to select passwords that are complex enough to prevent others from guessing it or from programs that can 'crack' passwords. MCLA has set requirements and tips to help you select and protect your passwords.
*1. Passwords must be at least eight characters long.
*2. Passwords must contain characters from three of the following four categories:
**a. Uppercase letters (A through Z).
**b. Lowercase letters (a through z).
**c. Numbers (0 through 9).
**d. Non-alphabetic characters (for example, !, $, #, %).
*3. Passwords cannot contain your account name or parts of your full name that exceed two consecutive characters.
* Banner Self Service PINs must be 6 digits long.
<b>Additional Password Security Tips:</b>
* [https://www.microsoft.com/security/pc-security/password-checker.aspx Microsoft's Password Checker] is a helpful tool to measure the strength of a password.
* Try to set different passwords for accounts that provide access to sensitive data than for your less-sensitive or personal accounts.
* Avoid writing passwords down. If you feel that you need to write down the a password to remember it - try writing a password hint instead.
* Ensure that passwords are transmitted securely. When on a website - ensure that the web address starts with "https" as opposed to "http".
* Call the [[MCLA Computer HelpDesk]] immediately if you believe your password has been compromised.
<b>Related Password Security Resources</b>
*[http://www.microsoft.com/security/online-privacy/passwords-create.aspx Microsoft's Strong passwords: How to create and use them]- Recommendations by Microsoft on secure password selection.
==Internet/Email Safety and Privacy==
Cyber criminals are regularly working on new schemes designed to compromise computers. They are essentially out to trick you out of money or potentially getting you to give out personal information such as passwords or social security numbers. These types of scams can lead to theft of identity, bank accounts, and information found on your computer. A computer that has been compromised can put ALL of your information at risk.
<b>Key indicators of a scam</b>
Scams come often times come through email, the internet, or the telephone. The focus is to get you to reveal sensitive information.
Tips on what to look for:
*You are being asked for money, bank account information, or social security numbers.
*Asking you to forward the message on to your friends, family, co-workers, etc.
*The e-mail is not addressed to you, specifically, by name.
*The sender name is not shown, is not someone you know, or doesn’t match the “from” address.
*It has excessive spelling or grammatical errors.
*The offer or deal that is being presented is too good to be true - be skeptical.
*Unsolicited e-mail that have suspicious links. Example: The links contained in the e-mail message doesn’t seem match where the email says the link will take you.
*Unsolicited e-mail that have suspicious attachments. Example: The attachment is an executable file (e.g.: *.zip, *.exe, *.vbs, *.bin, *.com, *.pif, *.zzx)
<b>Phishing</b>
Phishing is a type of scam designed take your personal information (DOB, Social security, bank account information, etc) by having you take action to provide it or take action to expose your computer system so information can be taken from it. The common method is to try to get you to click on a link or open a file.
Examples include:
*"Your account has a problem or needs to be updated" – Often times a method to have you login with your password to expose it.
*"Click this link" – Often times lead to a malicious website that can infect your computer or expose personal information.
*"Open attachment" – Scams that are designed to have you open attachment that contain software that can comprise the security of your computer (malware, viruses, etc).
*Money Phishing – Common method for attempting to expose your bank account or credit card information usually associated with a story about someone needing assistance for accessing money.
<b>Related Internet Safety Resources</b>
*[https://www.sonicwall.com/phishing-iq-test-landing Phishing and Spam IQ Quiz] - An informative quiz that will test your ability to pick the difference between an e-mail scheme and legitimate messages.
*[http://www.us-cert.gov/ncas/tips/ST04-014.html US-CERT Tip: Avoiding Social Engineering and Phishing Attacks]
*[[Sensitive Information in Electronic and Paper-based Systems|MCLA Policy Statement - Sensitive Information in Electronic and Paper-based Systems]]
==Identity Theft==
*What to do if you think you might be the victim of Identity Theft
In the event that you are notified that your personal information, credit card information, or bank information may have been compromised there are three steps that you can take to protect your information and be notified should anyone attempt to access your information.
*Act to Protect Your Accounts
Take prompt steps to protect your accounts.
Contact your bank or credit card company to let them know about your situation.
Banks can only close accounts and create new accounts with your authorization. Meeting with the bank personally is ideal.
Systems are already in place at your bank to help protect your account but action on the bank's part must be initiated by you.
Credit card companies can immediately suspend card acceptance and issue new cards.
*Act to Mitigate the Risk of Identify Theft
To mitigate the risk of identity theft, contact the fraud department of any of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. Contact information is as follows:
Equifax (www.equifax.com): 800-525-6285
Experian (www.experian.com): 888-397-3742
TransUnion (www.transunion.com): 800-680-7289
*Notify Social Security
Should you be notified that your Social Security number may have been stolen, please call the Social Security Administration hotline at 877-438-4338 and inform them.
==Additional Resources==
*[http://OnGuardOnline.gov OnGuardOnline.gov] - Tips provided by the federal government on how to guard against internet fraud. There is a very helpful [http://onguardonline.gov/articles/0009-computer-security Computer Security] section.
*[http://www.us-cert.gov/ncas/tips US-CERT Security Tips]- United States Computer Emergency Readiness Team provides a comprehensive list of security tips including tips on the following topics:
**[http://www.us-cert.gov/ncas/tips/ST06-002.html Debunking Some Common Myths]
**[http://www.us-cert.gov/cas/tips/ST05-014.html Real-World Warnings Keep You Safe Online]
**[http://www.us-cert.gov/cas/tips/ST05-013.html Guidelines for Publishing Information Online]
**[http://www.us-cert.gov/cas/tips/ST06-003.html US-CERT's Staying Safe on Social Network Sites]
**[http://www.us-cert.gov/cas/tips/ST05-011.html Effectively Erasing Files]
**[http://www.us-cert.gov/cas/tips/ST04-017.html Protecting Portable Devices]
**[http://www.us-cert.gov/cas/tips/ST05-009.html Benefits and Risks of Free Email Services]
**[http://www.us-cert.gov/cas/tips/ST05-008.html How Anonymous Are You?]
**[http://www.us-cert.gov/cas/tips/ST05-007.html Risks of File-Sharing Technology]
**[http://www.us-cert.gov/cas/tips/ST05-006.html Recovering from Viruses, Worms, and Trojan Horses]
**[http://www.us-cert.gov/cas/tips/ Additional Tips]
<youtube>yeepZr64XjU</youtube>
==Password Security==
<b>MCLA Password/PIN Requirements</b>
Passwords are essential to security at MCLA and act as the first line of defense for protecting campus computer data. No MCLA staff member will ever ask you to provide your password and it should never be shared among users or accessible where others can find it. In addition, it is important to select passwords that are complex enough to prevent others from guessing it or from programs that can 'crack' passwords. MCLA has set requirements and tips to help you select and protect your passwords.
*1. Passwords must be at least eight characters long.
*2. Passwords must contain characters from three of the following four categories:
**a. Uppercase letters (A through Z).
**b. Lowercase letters (a through z).
**c. Numbers (0 through 9).
**d. Non-alphabetic characters (for example, !, $, #, %).
*3. Passwords cannot contain your account name or parts of your full name that exceed two consecutive characters.
* Banner Self Service PINs must be 6 digits long.
<b>Additional Password Security Tips:</b>
* [https://www.microsoft.com/security/pc-security/password-checker.aspx Microsoft's Password Checker] is a helpful tool to measure the strength of a password.
* Try to set different passwords for accounts that provide access to sensitive data than for your less-sensitive or personal accounts.
* Avoid writing passwords down. If you feel that you need to write down the a password to remember it - try writing a password hint instead.
* Ensure that passwords are transmitted securely. When on a website - ensure that the web address starts with "https" as opposed to "http".
* Call the [[MCLA Computer HelpDesk]] immediately if you believe your password has been compromised.
<b>Related Password Security Resources</b>
*[http://www.microsoft.com/security/online-privacy/passwords-create.aspx Microsoft's Strong passwords: How to create and use them]- Recommendations by Microsoft on secure password selection.
==Internet/Email Safety and Privacy==
Cyber criminals are regularly working on new schemes designed to compromise computers. They are essentially out to trick you out of money or potentially getting you to give out personal information such as passwords or social security numbers. These types of scams can lead to theft of identity, bank accounts, and information found on your computer. A computer that has been compromised can put ALL of your information at risk.
<b>Key indicators of a scam</b>
Scams come often times come through email, the internet, or the telephone. The focus is to get you to reveal sensitive information.
Tips on what to look for:
*You are being asked for money, bank account information, or social security numbers.
*Asking you to forward the message on to your friends, family, co-workers, etc.
*The e-mail is not addressed to you, specifically, by name.
*The sender name is not shown, is not someone you know, or doesn’t match the “from” address.
*It has excessive spelling or grammatical errors.
*The offer or deal that is being presented is too good to be true - be skeptical.
*Unsolicited e-mail that have suspicious links. Example: The links contained in the e-mail message doesn’t seem match where the email says the link will take you.
*Unsolicited e-mail that have suspicious attachments. Example: The attachment is an executable file (e.g.: *.zip, *.exe, *.vbs, *.bin, *.com, *.pif, *.zzx)
<b>Phishing</b>
Phishing is a type of scam designed take your personal information (DOB, Social security, bank account information, etc) by having you take action to provide it or take action to expose your computer system so information can be taken from it. The common method is to try to get you to click on a link or open a file.
Examples include:
*"Your account has a problem or needs to be updated" – Often times a method to have you login with your password to expose it.
*"Click this link" – Often times lead to a malicious website that can infect your computer or expose personal information.
*"Open attachment" – Scams that are designed to have you open attachment that contain software that can comprise the security of your computer (malware, viruses, etc).
*Money Phishing – Common method for attempting to expose your bank account or credit card information usually associated with a story about someone needing assistance for accessing money.
<b>Related Internet Safety Resources</b>
*[https://www.sonicwall.com/phishing-iq-test-landing Phishing and Spam IQ Quiz] - An informative quiz that will test your ability to pick the difference between an e-mail scheme and legitimate messages.
*[http://www.us-cert.gov/ncas/tips/ST04-014.html US-CERT Tip: Avoiding Social Engineering and Phishing Attacks]
*[[Sensitive Information in Electronic and Paper-based Systems|MCLA Policy Statement - Sensitive Information in Electronic and Paper-based Systems]]
==Identity Theft==
*What to do if you think you might be the victim of Identity Theft
In the event that you are notified that your personal information, credit card information, or bank information may have been compromised there are three steps that you can take to protect your information and be notified should anyone attempt to access your information.
*Act to Protect Your Accounts
Take prompt steps to protect your accounts.
Contact your bank or credit card company to let them know about your situation.
Banks can only close accounts and create new accounts with your authorization. Meeting with the bank personally is ideal.
Systems are already in place at your bank to help protect your account but action on the bank's part must be initiated by you.
Credit card companies can immediately suspend card acceptance and issue new cards.
*Act to Mitigate the Risk of Identify Theft
To mitigate the risk of identity theft, contact the fraud department of any of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. Contact information is as follows:
Equifax (www.equifax.com): 800-525-6285
Experian (www.experian.com): 888-397-3742
TransUnion (www.transunion.com): 800-680-7289
*Notify Social Security
Should you be notified that your Social Security number may have been stolen, please call the Social Security Administration hotline at 877-438-4338 and inform them.
==Additional Resources==
*[http://OnGuardOnline.gov OnGuardOnline.gov] - Tips provided by the federal government on how to guard against internet fraud. There is a very helpful [http://onguardonline.gov/articles/0009-computer-security Computer Security] section.
*[http://www.us-cert.gov/ncas/tips US-CERT Security Tips]- United States Computer Emergency Readiness Team provides a comprehensive list of security tips including tips on the following topics:
**[http://www.us-cert.gov/ncas/tips/ST06-002.html Debunking Some Common Myths]
**[http://www.us-cert.gov/cas/tips/ST05-014.html Real-World Warnings Keep You Safe Online]
**[http://www.us-cert.gov/cas/tips/ST05-013.html Guidelines for Publishing Information Online]
**[http://www.us-cert.gov/cas/tips/ST06-003.html US-CERT's Staying Safe on Social Network Sites]
**[http://www.us-cert.gov/cas/tips/ST05-011.html Effectively Erasing Files]
**[http://www.us-cert.gov/cas/tips/ST04-017.html Protecting Portable Devices]
**[http://www.us-cert.gov/cas/tips/ST05-009.html Benefits and Risks of Free Email Services]
**[http://www.us-cert.gov/cas/tips/ST05-008.html How Anonymous Are You?]
**[http://www.us-cert.gov/cas/tips/ST05-007.html Risks of File-Sharing Technology]
**[http://www.us-cert.gov/cas/tips/ST05-006.html Recovering from Viruses, Worms, and Trojan Horses]
**[http://www.us-cert.gov/cas/tips/ Additional Tips]
