ITG Computing Tips and Techniques for October

 The original for this article can be found here: https://www.itg.ias.edu/node/542

Computing Tips and Techniques for October

Vol. 3 Issue 8

October is National Cybersecurity Awareness Month

This month marks the sixth annual National Cybersecurity Awareness Month sponsored by the U.S. Department of Homeland Security.  This years Cyber Security Awareness theme is “Our Shared Responsibility”.   As many of us have seen and experienced, the Internet has grown in popularity during the past decade with users turning to it to complete a variety of tasks including emailing, information research, social networking, online gaming and business transactions.  Unfortunately the increased use of the Internet has also made its users vulnerable and prone to becoming victims of identity theft, fraud and malicious crime threats through hacking, spyware, virus infections, cyber bullying and other attacks.  With so many users now connected to this world wide web of information, a malicious action of one could potentially affect many.  Because of this, all Internet users are encouraged to become good cyber-citizens by following safe, secure, and ethical online behaviors.

This month we are sharing with you tips and information on how to stay safe and be a well-informed Internet user. 

-------------------------------------------------------------------

Online Transaction Safety Tips

From Sunbelt Security News

-------------------------------------------------------------------

Today's computing environment is obviously a lot more sophisticated than it was a few years ago. When the Internet was new, there was barely a trace of criminal activity. Unfortunately, as the Internet has become a way of life, and the population has grown, so have the less desirable elements. It is unfortunate that we have to maintain such vigilance to protect what is ours but we try our best to make it easy for you. Here is a simple guide to protect yourself while engaging in online transactions, especially banking.

 

1.      This may sound simple but do not just let anyone use your computer. Control its physical access.

2.      Should you need to be away from your computer - lock, log off or shut it down.

3.      You guessed it - passwords - change them frequently and make them difficult to guess. Like we said before, think passphrase not password.

4.      Do not give your password to anyone; do not save them on the website or leave a sticky tab on your computer with them.

5.      If you see something that does not look right on your account, immediately contact the financial institution. Don't wait to see if it will correct itself. If it looks suspicious, it probably is.

6.      Of course, install all operating system (e.g. Linux, Macintosh, Windows, etc.)  and application updates as well as and antivirus and antispyware applications.

7.      Do not simply click on links in an email to your bank's website. This is not a good practice as phishers prey on people who do so and simply direct them to their own criminal site. You know your bank's website address. You type it in the address line of your web browser and go there.

8.      After you complete your transaction there are a couple of actions you should do:

a)      Make sure you actually log out from the site. Do not just shut the browser or browser tab.

b)      There is another step you can take to truly ensure privacy and security clear your web browsers cache.  This is simple to do - just click on the options or preferences for your particular browser and clean it out. This may seem like overkill and may be you do not want to do it every time but if there is any public access to your computer, why take a chance.

c)      At the very least shut the browser down, while this will not clear the cache it will fully disconnect the connection to your bank's server.

9.      Avoid financial transactions on public computers found at Internet Cafés or public kiosks. This is not really a good idea. However, if you have to, make sure you follow the steps above.

---------------------------------------------------------------------------------------

Tired of remembering multiple passwords? 

Use a password safe

----------------------------------------------------------------------------------------

Worried about writing your passwords down where other people can see them?  Use a password safe.  A password safe is a piece of software that allows you to securely save your passwords in one safe place.  Make sure to backup your password safe, or keep a copy on multiple computers.  This way you only need to remember one master password to access them all.  Click here for password safe download resources https://security.ias.edu/node/21

-------------------------------------------------------------------------------------------------

Do-it-yourself:  How to clean an infected computer

------------------------------------------------------------------------------------------------- 

Is your computer infected?  Heres a link on basic information about viruses and a few lists of tips and resources https://www.itg.ias.edu/net/viruses

There are various free solutions that may help you remove a virus from your computer and get it back up and running. It is a nuisance to have an infected computer.  The virus may be hiding from the scanner.  You can sometimes fix this by booting into Safe Mode, but newer viruses are even smart enough for this trick. Sometimes, booting into a known good operating system and scanning from there is the only way to go.  There are a number of free anti-virus Live CD's available from the Internet.  Just burn it to a CD and reboot.  It is always good to have a couple of these sitting around for just this purpose.  A list is provided on this link https://security.ias.edu/software under Malware > Antivirus Live CD.

A complete set of instructions on how to clean an infected computer can be found here: https://www.itg.ias.edu/security/viruscleaning

-----------------------------------------------------------------------------------------

Protecting Your Privacy

http://www.us-cert.gov/cas/tips/ST04-013.html

---------------------------------------------------------------------------------------- 

Before submitting your email address or other personal information online, you need to be sure that the privacy of that information will be protected. To protect your identity and prevent an attacker from easily accessing additional information about you, avoid providing certain personal information such as your birth date and social security number online.

How do you know if your privacy is being protected?

·       Privacy policy - Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy. This policy should state how the information will be used and whether or not  the  information  will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists. Look for indications that you are being added to mailing lists by default failing to deselect those options may lead to unwanted spam. If you cannot find a privacy policy on a website, consider contacting the company  to  inquire  about  the policy before you submit personal information, or find an alternate site. Privacy policies sometimes change, so you may want to review them periodically.

·       Evidence that your information is being encrypted - To protect attackers from hijacking your information, any personal information submitted online  should  be  encrypted  so  that it can only be read by the appropriate recipient. Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window. Some sites also indicate whether the data is encrypted when it is stored. If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor's system could access your personal information.

What additional steps can you take to protect your privacy?

·       Do business with credible companies - Before supplying any information online, consider the answers to the following questions: do you trust the  business, is  it an established organization with a credible reputation, does the information on the site suggest that there is a concern for the privacy of user information, is there legitimate contact information provided?

·       Do not use your primary email address in online submissions Submitting your email address could result in spam. If you do not want your primary email  account flooded with unwanted messages, consider opening an additional email account for use online. Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.

·       Avoid submitting credit card information online - Some companies offer a phone  number you can use to provide your credit card information. Although  this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.

·       Devote one credit card to online purchases - To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.

·       Avoid using debit cards for online purchases - Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

·       Take advantage of options to limit exposure of private information - Default options on certain websites may be chosen for convenience, not for security. For example, avoid allowing a website to remember your password. If your password is stored, your profile and any account information you have provided on that site is readily available if an attacker gains access to your computer. Also, evaluate your settings on websites used for social networking. The nature of those sites is to share information, but you can restrict access to certain information so that you limit who can see what (see Staying Safe on Social Network Sites for more information http://www.us-cert.gov/cas/tips/ST06-003.html ). 

The U.S. Department of Homeland Security has more tips and resources on how you can take part in this “Shared Responsibility”  http://www.dhs.gov/national-cyber-security-awareness-month.

We encourage you to practice good cyber security habits, which is essential to protecting your computer systems and potentially your physical safety. Help raise cyber security awareness by sharing the tips you found useful with others.

These Tips and Techniques are brought to you by the Information Technology Group.  These are also available at our website at https://www.itg.ias.edu/node/542  and in RSS feeds through the following link https://www.itg.ias.edu/taxonomy/term/9/0/feed.

ITG Help Desk

Ext. 8044

helpdesk@ias.edu