The IT Security Department recommends the following steps for safe desktop and laptop computing.
While most viruses and system vulnerabilities are associated with computers using Windows, these tips will benefit users of other systems as well.
Change Your Mindset
Why would Hackers pick me? Most victims of computer crime do not think of themselves as an inviting target for an attack. Problem is, the majority of those who prowl the Internet don’t really care about your email messages or file content. Prowlers do care about finding a platform from which to launch anonymous attacks against other computers, or about your credit card number and personal information. Any computer connected to the Internet becomes worthwhile prey.
Why should I care?
If your computer is broken into or infected with a virus, the steps to recovery can consume a few or many hours, depending on the nature and extent of the damage. Some or all of your data can become corrupted or lost. Unwanted aggravation and loss of valuable time is in store for you and others who are involved in performing the recovery steps.
Along with weak passwords and virus-spreading email attachments, unpatched computer systems constitute one of the greatest security threats on the Internet. All major operating system vendors offer mechanisms that will allow you to regularly check for updates and apply them. It is important to keep your system at “current patch level” to minimize your exposure.
Use Antivirus Software & Keep It Current
Keep Your System Protected Against Spyware. If you’re a member of the student body or faculty/staff, FIU makes it easy to do this by providing free McAfee Antivirus.
Be Careful With Passwords
Make passwords strong. Although strong passwords are enforced for FIU logons, other systems may not require you to follow any password guidelines. You should follow FIU’s strong password guidelines whenever possible, even if the system or application you are using does not enforce strong password guidelines.
Don’t let anyone else know or use your password. Don’t write it down; or if you must, keep it in a locked area or in your wallet. Don’t post it on your computer or anywhere around your desk. Don’t include the name of the system or the associated login ID with the password. Change your password periodically, even if it hasn’t been compromised. Don’t type your password while anyone is watching.
Spyware is software that is installed on your computer without your knowledge or is bundled with other software you download from the internet. Spyware can:
- Track what you are doing on your computer for marketing purposes
- Reset the homepage and search pages on your browser
- Create pop-up advertisements
- Slow down your computer’s Internet connection
- Interfere with your computer’s normal operations
- Spyware removal programs are available free for download from the Internet
- Two popular ones are Ad-Aware and Spybot Search and Destroy
Other Good Practices
Bad things happen to your good name when Phishers get a hold of your identity.
Guard against Identity Theft
VISA provides great information concerning how Identity Theft occurs, how you can minimize your risk, what to do if you are a victim, resolving credit problems, etc. View VISA presentation (used with permission from VISA USA, Inc.)
Avoid Phishing Scams
Phishing is the practice of sending millions of bogus emails that appear to come from popular Web sites or from your bank or credit card company. The emails look so official that many people will respond to requests for their password, credit card information, and other personal information. Microsoft recommends the below four steps to avoid Phishing Scams. View the entire article from Microsoft.com.
- Don’t respond to e-mails requesting personal information
- Don’t click on a link in an e-mail that you suspect might be fake
- Check a Web site’s security certificate before you enter any personal information
- Routinely review your credit card and bank statements
Monitor your system’s unused disk space regularly
If you see a large unexplained drop in available space, investigate the cause promptly. Back up your locally stored data regularly and keep copies in another location.
How important is your data to you? If it’s important, it should be backed up. If it matters enough to get upset over losing, it’s worth protecting, and backups are an essential part of data protection. Part of your preventive maintenance and system care should include regular, reliable data backups. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. The risks are much greater than most people realize.
Email-distributed viruses that use spoofing, such as the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing a virus.
If you receive an alert that you’re sending infected emails, first run a virus scan using McAfee. If you are uninfected, then you may want to reply to the infection alert with this information:
- “Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”
- But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response.
- Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it. View the complete article.